last executing test programs: 3m53.760734755s ago: executing program 0 (id=735): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x40241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r1 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) write$tun(r0, &(0x7f0000000240)=ANY=[@ANYBLOB="000086dd0500560008005400000060ec970001983a00fc000018c6ba35000000000000000700ff02000000000000000000003c000001000000000000000000000000000000000000000000000000860090780000000000000000000000000000ee3f000000002b036f8c006e75021d683910c3090b3188a7c747eb2278a273c1b80029442911892704"], 0xfdef) 3m53.550734176s ago: executing program 0 (id=736): mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000300)=@gettaction={0xac, 0x32, 0x20, 0x70bd2c, 0x25dfdbff, {}, [@action_dump_flags=@TCA_ROOT_TIME_DELTA={0x8, 0x4, 0x7f}, @action_gd=@TCA_ACT_TAB={0x10, 0x1, [{0xc, 0xf, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x3}}]}, @action_gd=@TCA_ACT_TAB={0x1c, 0x1, [{0xc, 0x3, 0x0, 0x0, @TCA_ACT_KIND={0x8, 0x1, 'ipt\x00'}}, {0xc, 0x5, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x3}}]}, @action_dump_flags=@TCA_ROOT_FLAGS={0xc, 0x2, {0x0, 0x1}}, @action_dump_flags=@TCA_ROOT_TIME_DELTA={0x8, 0x4, 0x6}, @action_gd=@TCA_ACT_TAB={0x4}, @action_dump_flags=@TCA_ROOT_FLAGS={0xc}, @action_gd=@TCA_ACT_TAB={0x38, 0x1, [{0xc, 0x12, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x4}}, {0x10, 0x10, 0x0, 0x0, @TCA_ACT_KIND={0x9, 0x1, 'gact\x00'}}, {0xc, 0x11, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x1ff}}, {0xc, 0x9, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x54c}}]}, @action_dump_flags=@TCA_ROOT_TIME_DELTA={0x8, 0x4, 0xfffff922}]}, 0xac}, 0x1, 0x0, 0x0, 0x4000804}, 0x48c4) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x2, 0x8f}, 0x0) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x0, 0x8004) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(0xffffffffffffffff, 0x84, 0x9, 0x0, 0x0) sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_CAP_X86_DISABLE_EXITS(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000180)={0x8f, 0x0, 0xf}) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) creat(0x0, 0xe5) bpf$PROG_LOAD(0x5, 0x0, 0x0) getpid() bpf$BPF_LINK_CREATE_XDP(0x1c, 0x0, 0x0) bpf$BPF_GET_BTF_INFO(0xf, 0x0, 0x0) socket$netlink(0x10, 0x3, 0x7) bpf$MAP_CREATE(0x0, 0x0, 0x48) bpf$PROG_LOAD(0x5, 0x0, 0x0) madvise(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x19) r3 = openat$fb0(0xffffffffffffff9c, 0x0, 0x2b0041, 0x0) ioctl$FBIOPAN_DISPLAY(r3, 0x4606, 0x0) mprotect(&(0x7f0000710000/0x1000)=nil, 0x1000, 0x2) r4 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000280)='/sys/fs/cgroup', 0x0, 0x0) getdents64(r4, &(0x7f0000000080)=""/47, 0x2f) 3m52.636004498s ago: executing program 0 (id=749): r0 = syz_open_dev$dri(&(0x7f00000008c0), 0xd21, 0x0) ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r0, 0xc00c642d, &(0x7f0000000040)={0x0, 0x0, 0xffffffffffffffff}) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r1, 0xc04064a0, &(0x7f0000000180)={&(0x7f0000000080)=[0x0], &(0x7f00000000c0)=[0x0], &(0x7f0000000100)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000140)=[0x0, 0x0, 0x0, 0x0], 0x1, 0x1, 0x9, 0x4}) ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r0, 0xc00c642e, &(0x7f0000000300)={0x0, 0x0, r0}) r2 = syz_open_dev$dri(&(0x7f0000000000), 0x1f, 0x0) r3 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r3, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) r4 = socket$inet_mptcp(0x2, 0x1, 0x106) bind$inet(r4, 0x0, 0x0) setsockopt$SO_TIMESTAMPING(r4, 0x1, 0x41, &(0x7f0000001280)=0x478d, 0x4) syz_emit_ethernet(0xbe, &(0x7f0000000000)={@local, @link_local, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0xb0, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x4e20, 0x9c, 0x0, @wg=@initiation={0x1, 0x0, "7b4b143b7461fd777b1c012bd14efb9f49fcdb8f080c26a04883ad5c8c82b8af", "584cbf2649a50f2dbc43efa8698dfa871c51852e4451b57d037ad3c045942824251d7d17b5191584cdd4fbe40a27424d", "bcfd56f1373669caaa2f19935e6996c7096ffe4f3a4745a8f762b964", {"9a3bfbc1f39cb307b3472eb9cdb042d2", "643fcbb2c5a57df67d544af6e8dafe09"}}}}}}}, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r5 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='syzkaller\x00', 0x7, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r5, 0x5, 0xb68, 0x0, &(0x7f0000000000)='%', 0x0, 0xd01, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) recvmmsg(r3, &(0x7f00000057c0)=[{{0x0, 0x0, 0x0}, 0x3}, {{0x0, 0x0, &(0x7f0000002cc0)=[{0x0}, {&(0x7f00000017c0)=""/130, 0x94}], 0x2}, 0xa1}], 0x2, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_FAIL(0xffffffffffffffff, 0xc0189377, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r1, {0x2, 0x3ac3}}, './file0\x00'}) ioctl$VHOST_VSOCK_SET_GUEST_CID(r6, 0x4008af60, &(0x7f0000000200)) ioctl$DRM_IOCTL_MODE_SETPLANE(r2, 0xc03064b7, &(0x7f00000004c0)={0x0, 0x0, 0x0, 0x8, 0x9, 0x7, 0x5a, 0x3ff, 0xffff1a37, 0x3, 0x5, 0x7}) syz_open_dev$dri(&(0x7f00000008c0), 0xd21, 0x0) (async) ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r0, 0xc00c642d, &(0x7f0000000040)) (async) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r1, 0xc04064a0, &(0x7f0000000180)={&(0x7f0000000080)=[0x0], &(0x7f00000000c0)=[0x0], &(0x7f0000000100)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000140)=[0x0, 0x0, 0x0, 0x0], 0x1, 0x1, 0x9, 0x4}) (async) ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r0, 0xc00c642e, &(0x7f0000000300)={0x0, 0x0, r0}) (async) syz_open_dev$dri(&(0x7f0000000000), 0x1f, 0x0) (async) socket$inet6(0xa, 0x2, 0x0) (async) bind$inet6(r3, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) (async) socket$inet_mptcp(0x2, 0x1, 0x106) (async) bind$inet(r4, 0x0, 0x0) (async) setsockopt$SO_TIMESTAMPING(r4, 0x1, 0x41, &(0x7f0000001280)=0x478d, 0x4) (async) syz_emit_ethernet(0xbe, &(0x7f0000000000)={@local, @link_local, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0xb0, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x4e20, 0x9c, 0x0, @wg=@initiation={0x1, 0x0, "7b4b143b7461fd777b1c012bd14efb9f49fcdb8f080c26a04883ad5c8c82b8af", "584cbf2649a50f2dbc43efa8698dfa871c51852e4451b57d037ad3c045942824251d7d17b5191584cdd4fbe40a27424d", "bcfd56f1373669caaa2f19935e6996c7096ffe4f3a4745a8f762b964", {"9a3bfbc1f39cb307b3472eb9cdb042d2", "643fcbb2c5a57df67d544af6e8dafe09"}}}}}}}, 0x0) (async) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) (async) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='syzkaller\x00', 0x7, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) (async) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r5, 0x5, 0xb68, 0x0, &(0x7f0000000000)='%', 0x0, 0xd01, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) (async) recvmmsg(r3, &(0x7f00000057c0)=[{{0x0, 0x0, 0x0}, 0x3}, {{0x0, 0x0, &(0x7f0000002cc0)=[{0x0}, {&(0x7f00000017c0)=""/130, 0x94}], 0x2}, 0xa1}], 0x2, 0x0, 0x0) (async) ioctl$AUTOFS_DEV_IOCTL_FAIL(0xffffffffffffffff, 0xc0189377, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r1, {0x2, 0x3ac3}}, './file0\x00'}) (async) ioctl$VHOST_VSOCK_SET_GUEST_CID(r6, 0x4008af60, &(0x7f0000000200)) (async) ioctl$DRM_IOCTL_MODE_SETPLANE(r2, 0xc03064b7, &(0x7f00000004c0)={0x0, 0x0, 0x0, 0x8, 0x9, 0x7, 0x5a, 0x3ff, 0xffff1a37, 0x3, 0x5, 0x7}) (async) 3m52.445576256s ago: executing program 0 (id=750): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r1 = dup(r0) write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c) io_uring_enter(0xffffffffffffffff, 0x2ded, 0x4000, 0x0, 0x0, 0x0) sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, 0x0, 0x2) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="2c00000013000100000000000000000007000000", @ANYRES32=0x0, @ANYBLOB="28150000020000000c001aab0600058004c601"], 0x2c}, 0x1, 0x0, 0x0, 0x4048904}, 0x4) bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="120000000700000008000000f202000000000000", @ANYRES32=0x1, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="000000000200"], 0x50) r2 = bpf$MAP_CREATE(0x0, 0x0, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000008c0)={0x3, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) write$bt_hci(r3, 0x0, 0x0) r4 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r4, &(0x7f0000000000)={0x0, 0xd18c9b25, &(0x7f0000000080)=[{&(0x7f0000000040)="e03f030041000b05d25a806c8c6394f90324fc60100000000a000200053582c137153e3704020180fc5409000c00", 0x33fe0}], 0x1}, 0x0) execveat(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1000) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000180)={0x74, 0x0, &(0x7f0000000280)=[@reply={0x40406301, {0x400, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50, 0x18, &(0x7f00000000c0)={@fda={0x66646185, 0x7, 0x1, 0x3c}, @fd={0x66642a85, 0x0, r3}, @fd={0x66642a85, 0x0, r2}}, &(0x7f0000000140)={0x0, 0x1c, 0x34}}}, @release={0x40046306, 0x3}, @acquire_done={0x40106309, 0x3}, @increfs_done={0x40106308, 0x1}], 0x9f, 0x0, &(0x7f0000000300)="a3fb8a8b68aca31595e60b984bdfbd48704b8971af50240b695d6982f9a5d61eb56f47c5245f335b0adad9af3becf0ad371e0c60867c5e30c178e57c9528f94768e3b0f66c99887d3888f0867ea094e4586db94d01acff9f298813405062e1db68aa92f3e36ef7440aa3450aacd3522e13416a0329ea44a42d6816d6b5ebe7ac4d00267c5a0473d1f5179ca84dc36dfb524ad8b4132bcde58113eef1bdccc7"}) mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x2, 0xc3072, 0xffffffffffffffff, 0x200000) 3m51.465122698s ago: executing program 0 (id=756): sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000001c40)={0x0, 0x0, &(0x7f0000001c00)={&(0x7f0000000000)={0x3c, 0x0, 0x1, 0x0, 0x25dfdbfd, {}, [@NBD_ATTR_SOCKETS={0x4}, @NBD_ATTR_CLIENT_FLAGS={0xc, 0x6, 0x2}, @NBD_ATTR_SIZE_BYTES={0xc}, @NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x9}]}, 0x3c}, 0x1, 0x0, 0x0, 0x20000000}, 0x0) mmap$KVM_VCPU(&(0x7f0000b8b000/0x3000)=nil, 0x930, 0x300000b, 0x12, 0xffffffffffffffff, 0x0) r0 = openat$sequencer(0xffffff9c, 0x0, 0x88302, 0x0) openat$audio(0xffffffffffffff9c, 0x0, 0x20301, 0x0) ioctl$SNDCTL_SEQ_GETOUTCOUNT(r0, 0x4004510d, 0x0) r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) connect$bt_l2cap(r1, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe) r2 = syz_open_dev$dri(&(0x7f0000000100), 0x0, 0x0) ioctl$DRM_IOCTL_SET_VERSION(r2, 0xc0106407, &(0x7f0000000000)={0x2, 0x2, 0x73, 0xffffffff}) syz_genetlink_get_family_id$tipc2(0x0, 0xffffffffffffffff) r3 = socket$inet_icmp_raw(0x2, 0x3, 0x1) mkdir(0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0xe1}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6) getpid() mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, 0x0) sched_setaffinity(0x0, 0x0, 0x0) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0) sched_setaffinity(0x0, 0xfffffffffffffc33, &(0x7f0000000280)=0x2) setsockopt$IPT_SO_SET_REPLACE(r3, 0x0, 0x40, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x2, 0xe, &(0x7f0000000200)=ANY=[@ANYBLOB="b70000001a000000bca300000000000024030000c0feffff620af0fff8ffffff71a4f2ff000000001f03000000000000e50002000000b0ff2604fdffff02000014010000030000001d130000000000007a0a00fe0000001f0f14000000000000b503f7fff80000009500000000000000033bc065b78111c6dfa041b63af4a3912435f1a864a7aad58db6a693002e7f3be361917adef6ee1c8a2a4f8ef1e50becb19bc461e91a7168e5181554a090f300020000fe275daf51efd601b6bf01c8e8b1b526375ee4dd6fcd82e4fee5bef7af9aa0d7d600c095199fe3ff3128e599b0eaebbdbd732c9cc00eec363e4a8f6456e2cc21557c0afc646cb7798b3e6440c2fbdb00a3e35208b0bb0d2cd829e65440000000000000000028610643a98d9ec21ead2ed51b104d4d91af25b845b9f7d08d123deda88c658d42ecbf28bf7076c15b463bebc72f526dd70252e79166d858fcd0e06dd31af9612fa402d0b11008e59a5923906f88b53987ad1714e72ba7a54f0c33d39000d06a59ff61623604000000000000006a89adaf17b0a6041bdeebdfd1f5089048ddff6da40f9411fe7226a40409d6e37c4f46756d31cb467600ade70063e5291569b33d21dae356e1c51f03a801be8189679a16da18ec0ae564163427afea62d84f3a10076443d643649393bf52d2105bd901128c7e0ec82701c8204a1deeed4155617572652d950ad31928b0b036dc2869f478341d02d0f5ad94b081fcd507acb4b9c67382f13d000000225d85ae49cee383dc5049076b98fb6853ab39a21514da60d2ae20cfb91d6a49964757cdf538f9ce2bdbb9893a5de817101a3062cd54f9ff51d355d84ce97bb0c6b6a595e487a2cc47c0efbb2d71cde2c10f0bc6980fe78683ac5c0c31032599dd273863be9261eee52216d009f4c52048ef8c126aeef5f510a8f1aded94a129e4aec6e8d9ab06faffc3a15d91c2ea3e2e04cfe031b287539d0540059fe6c7fe7cd8697502c7596566d674e425da5e7f009602a9f61d3804b3e0a1053abdc31282dfb15eb6841bb64a1b3045024a982f3c48153baae244e7bf573eac34b781337ad5905c6bbf1137548c7f1a4cad2422ee965a38f7defbd2960242b104e20dc2d9b0c35608d402ccdd9069bd50b994fda7a90144022a579dfc0229cc0dc98816106dec28eaeb883418f562ae00003ea96d10f172c0374d6eed826416050000000bfe9b4a9c5a90ff59d54d1f92ecc48899b212c55318294270a1ad10c80fef7c24d47afcc829ba0f85da6d888f18ea40ab959f6074ab2a40d85d1501783a7ab540b8d7b4ead35a385e0b4a26b702396df7e0c1e02b88c114f244a9bf93f04bf072f0861f5c0b000000000000eedcf2ba1a9508f9d6aba582a896a9f1ffa968eacea75caf822a7a63ba3401e6a52acb11883ad2a3b1832371fe5bc621426d1ed01b389708165b9cdbae2ed9dc7358f0ebadde0b727f27feeb7464dcd857ab15e355713767c536cbae2f5c7d951680f6f2f9a6a8346962a350845ffa0d82884f79adc287906943408e6df3c391e97ba48db0a5adbfd03aac93df8866fb010ae20e92bed1fe39af169d2a466f0db6f3d9436a7d55fc30511d00000000c95265b2bd83d64a532869d701723fedcbada1ee7baa19faf67256b56a41fd355b6a686b50f0937f778af083e055f6138a757ebd0ed91124a6b244f9acf41ac5d73a008364e0606a594817031fc2f52c8785fe0721719b3d654026c6ea08b83b123145ab5703dad844ced301efeb6dc5f6a9037d2283c42efc54fa84323afc4c10eff462c8843187f1dd48ef0981000000000000ff0f40b1888e1cdba94a6ea80c33ead5722c3293a493f1479531dd88261458f40d31fe8df15efaaeea831555877f9538c6ee6ba65893ff1f908ba7554ba583ec7932f5954f31a878e2fae6691d1aee1da02ba516467df3e7d1daac43738612e4fee18a22da19fc08001011e32f80fb60e14b9eee094277bbc170882c8890205f3a6da2819d2f9e77c7c64affa54fec0136cbafa5f62e3f753b639a924599c1f69219927ea5301fff0a6063d427180d61542c2571f983e96635600000554f327a3535e7c7542799493c31ac05a7b57f03ca91a01ba2a30ca99e969d6fd09dc28ebc15edb4d91675767999d146aef7799738b292fd64bb25b2969e2b15f36b788bce5ccdbaf75c94cb93499f6947a967a794963342aece449a0d80010f5c653d22d49030a8c2a4ab595bf4238f18ca428dafc7ac96d404607a0000000051a2104f22e6db5a62b5089c1b45282d38864daa3ae81d6b0968d1d2867b6ef9d12096833d6864da40b54783a17aaeb6737c323f9f98e354cc98dcfe23ad01bd1c61563e69ffe1c2c73e1661261173f359e93d2c5e424c17998809ec8f0232b3955e052a4cecd89008f70314a0bdd491ec035d232f89fe0120f64c62e8e3ed8bcb45202c204bbec8d722824c0ebca8db1ea4a05e41f6016ab5bbe4fe7ff5d785d0128171c90d9900ca2532b0f9d01c4b45294fbba468df3e1b393cb4e62e753b4172ba7ac1f2b51c94bc5d047899fd219f448bf9189c65c9d91eda6b52a373803a9efe44f86909bc90addb7b9aee813df534aac4b3093c91b8068cd849904568916694d461b76a58d88cf0f520310a1e9fdc18cde98d662eee077515d0a881192292ffff5392ab3d1311b82432662806add87047f601fa888400000000000000000000000000006acc19808d7cf29bc974b0ea92499a41b9b9a7c2bca311a28ee4952f2d325a56397c78f12205db653a536f9f3322405d1efd78e578dc6b3fb84f3738a4b6caa800000087efa51c5d95ecba4e50e529d1e8c89600e809dc3d0a2f65579e23457949a50f2d0455cf79a43746979f99f6a1527f004f1e37a3926937e84fb478199dc1020f4beb98b8074bf7df8b5e783637da740800000000000000c55a4385e9a617aa6c8e10d4202c5afeb06e2f9115558ea12f92d7ae633d44086b3f03b20d546fa66a72e38207c9d20035abc46271a30f1240de52536941242d23896ab74a3c6670fdc49c14f34fc4eadd6db8d80eba439772bf60a1db18c472dafc5569adc282928d2a1ffe29f1a57d3f18f4edaeb5d37918e6fddcd821da67a0785585a4443440dc65600e64a6a2740000000000000000000000000000000000000000000a0009dd14b38f2f4426d7cf5075047c31f6ce6adddfe3ac649c0643c8bfbeb14ba1fd7a485aa893915cf81e29aaf375e904bbe52691a4100260ffcd8f1d04166d291ebcef893e1b9ccb6797d0646fe0e7274434f28efb43e06e64f0698caca42f4e6018a455736c482a017e2b13dac4a90faa109f0e87cc94e3efb649692456463ca74aa6ad4bf50c1acb0000000000000005375e528285544d0064b98646f3109e9a4942ce42c6e7ec84b664f6c2770803f10baa804a707f0a1fcbfc309381aeba191950bae71f37f1eb7ceeffb3c0547ac6571603adbfde4c8b5f8d7f4b854441613633b48865b65bdc415e1e0dcf672d68cf4cebf04f4bc1eebf560a26d34d3757b1450fdb0a9a69f432e277f3a0386eb2bd3305c821c64757f786b79fef54dbe64c67d73934bc80b2133fb3c04cc7ea48bf97a6243c9f95dcbddecf45f008f1822c7868e1ff5a3cff5d6b6898335792749df7b1f51e91f8c1c3b1b93b33aaa3fab69cef08a9f6f6cf39dea3d878b2ed42545421970cc426e644332bc956d1c6adefdf0ede2c5c94aa632646ae225accdf031f611d01622921f1b922a5ac887cca3136133dce8d9f5f4da7bed2ea5d94362200000000000000000000f296b0c1484e5f781ad26bff696b05ff0a5e2270e07618b04273bd4075ea38ab463bfa6a38e7c537498ba3e4df8dfc9e040000003c3ffad44d2a376def42e41e9fc31678257e040fa7cf32c221aaac08000000000000001a00000000000000000000173570f0c11ae694b0f7a4f9c2f6790044a357e785af6e153d5f1ea460af92c7cbbd6295afe740f5e154346d483e0d641ef02e4d5295d756e110522a7a945b93fb705b95b6aae27a8fb33732ce1da1c0b1af8eb9222a06e984ab1e6984c8bdc12360627137ab67b6b68ab08acb29a74dc36b51209cfbc87f61182bbeb2772e9d5a1ffc477179be481efe46a4ce86be0b1d8eee42a611a3d44ca450b14586ed63dd92005c79e4a8ab8a94f0c6cb4bed8594a39bd76d3ef8a7ab014e787596db796bd93a36c2880423291e3bccc86f66ba792ff4d87b3f80e5908779e51c5e9055fc5b23605cd000c723187ef09dcf4b07b06a9342f3f62ee7acddff292082c1f4d8eb9561f80873a09a1ae0c9af1121175e5600f43a1179484502009759264a5729f07c2b218fa36ba2316a99aaad0130df83d0bda1e711290f78c143ea143967b00adcd77e6ad5e48d839ea61aadb83e4d071c54691924a3830d3e7b5c198bb0ed623153590000000000000000004b985ea1702f34f2f85b168c083e810ed567e3f1979b9ed1a4bf6a10dac825c96a0828b335de445a4880bb6474157efd1a72ca46ae4cbe3ab648c9bc4867a5a4cb87d7d6d55475b34b3cb6aa9e2337d4e04a37e35109752522ac9b186ddd80c47da6a2f4ef7bb909c975520000000000000000000000219cf5c1376ab33786f6b856d354e90a2733f78f2d188057cead3480eade49d55b770fad7fa000d23da6275768810b6b2df91d3a991ea98d929d271696c258d5b735d5db11df434e7dd1b7c1ca05cea3977df564115f4ec6ffab1d2ff8a642ca50934b3fbe44b0abeba9df209566984a29dfc0466e439a94e177b3c4d5f6e92b8176b9d6ddeeeb196fa964217f88e1acc180aaa4"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0xffffffffffffff97, 0x10, &(0x7f00000000c0), 0xfffffffffffffd27, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48) 3m50.807383471s ago: executing program 0 (id=765): openat$mice(0xffffffffffffff9c, &(0x7f0000000040), 0x80882) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r1 = dup(r0) syz_open_dev$usbfs(&(0x7f0000000080), 0x70, 0x101301) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c) r2 = openat$cdrom(0xffffffffffffff9c, 0x0, 0x900, 0x0) ioctl$DVD_READ_STRUCT(r2, 0x2272, &(0x7f0000000080)=@type=0x1) socket$packet(0x11, 0x2, 0x300) r3 = socket$netlink(0x10, 0x3, 0x4) capset(&(0x7f0000000300)={0x19980330}, &(0x7f0000000440)) write(r3, &(0x7f0000000040)="2700000014000707030e0000120f0a0011000100f5fe009d2fb112ff000000008a151f75080039", 0x27) socket$inet6_sctp(0xa, 0x5, 0x84) r4 = socket$inet_tcp(0x2, 0x1, 0x0) socket$inet6(0xa, 0x2, 0x4) getsockopt$inet_tcp_int(r4, 0x6, 0x17, 0x0, &(0x7f0000000400)) r5 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$L2TP_CMD_TUNNEL_DELETE(r5, &(0x7f0000000a00)={&(0x7f0000000900)={0x10, 0x0, 0x0, 0x10000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x805}, 0x24008814) r6 = socket$inet6(0xa, 0x5, 0x0) setsockopt$inet_int(r6, 0x0, 0xf, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r6, 0x84, 0x64, &(0x7f0000000100), 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd_index=0x4, 0x0, 0x0, 0x0, {0x102}, 0x1}) io_uring_enter(0xffffffffffffffff, 0x2ded, 0x4000, 0x0, 0x0, 0x0) r7 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) openat$nmem0(0xffffff9c, 0x0, 0x101001, 0x0) readv(r7, &(0x7f0000001340)=[{&(0x7f0000000580)=""/148, 0x94}], 0x1) 3m35.861510122s ago: executing program 32 (id=765): openat$mice(0xffffffffffffff9c, &(0x7f0000000040), 0x80882) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r1 = dup(r0) syz_open_dev$usbfs(&(0x7f0000000080), 0x70, 0x101301) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c) r2 = openat$cdrom(0xffffffffffffff9c, 0x0, 0x900, 0x0) ioctl$DVD_READ_STRUCT(r2, 0x2272, &(0x7f0000000080)=@type=0x1) socket$packet(0x11, 0x2, 0x300) r3 = socket$netlink(0x10, 0x3, 0x4) capset(&(0x7f0000000300)={0x19980330}, &(0x7f0000000440)) write(r3, &(0x7f0000000040)="2700000014000707030e0000120f0a0011000100f5fe009d2fb112ff000000008a151f75080039", 0x27) socket$inet6_sctp(0xa, 0x5, 0x84) r4 = socket$inet_tcp(0x2, 0x1, 0x0) socket$inet6(0xa, 0x2, 0x4) getsockopt$inet_tcp_int(r4, 0x6, 0x17, 0x0, &(0x7f0000000400)) r5 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$L2TP_CMD_TUNNEL_DELETE(r5, &(0x7f0000000a00)={&(0x7f0000000900)={0x10, 0x0, 0x0, 0x10000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x805}, 0x24008814) r6 = socket$inet6(0xa, 0x5, 0x0) setsockopt$inet_int(r6, 0x0, 0xf, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r6, 0x84, 0x64, &(0x7f0000000100), 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd_index=0x4, 0x0, 0x0, 0x0, {0x102}, 0x1}) io_uring_enter(0xffffffffffffffff, 0x2ded, 0x4000, 0x0, 0x0, 0x0) r7 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) openat$nmem0(0xffffff9c, 0x0, 0x101001, 0x0) readv(r7, &(0x7f0000001340)=[{&(0x7f0000000580)=""/148, 0x94}], 0x1) 15.508040923s ago: executing program 3 (id=2407): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000140)={0x2, @pix_mp={0x4, 0x9, 0x41495043, 0x9, 0x5, [{0x1, 0xb}, {0x3, 0x9}, {0x3, 0x3ff}, {0x8, 0x7a25}, {}, {0xffff, 0xffff8000}, {0x7, 0x4}, {0x4, 0x10000}], 0xa, 0x7f, 0x4, 0x0, 0x1}}) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x10) mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000340), 0x0, &(0x7f0000000080)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) chdir(&(0x7f0000000140)='./bus\x00') mkdir(&(0x7f0000000300)='./bus\x00', 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) ioctl$VHOST_SET_VRING_BASE(0xffffffffffffffff, 0xaf01, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', 0x401c2, 0x0) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000000c0)=@migrate={0x50, 0x21, 0x1, 0x0, 0x0, {{@in=@multicast1, @in=@multicast1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}}}, 0x50}}, 0x0) ftruncate(r1, 0x8800000) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) recvmmsg(r3, &(0x7f00000034c0)=[{{0x0, 0x0, &(0x7f0000001e40)=[{&(0x7f0000001b80)=""/112, 0x70}], 0x1}}], 0x1, 0x700, 0x0) sendfile(r2, r1, 0x0, 0x578410eb) 14.390005992s ago: executing program 3 (id=2410): socket$nl_generic(0x10, 0x3, 0x10) r0 = openat$sysfs(0xffffff9c, &(0x7f0000000180)='/sys/power/pm_debug_messages', 0x42a00, 0x40) write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000400)={'syz1\x00', {0x3, 0x2, 0x6, 0xfffa}, 0x3c, [0x8000, 0xc95a, 0xf, 0x2, 0x6fba950d, 0x2, 0x3, 0x7f, 0x20000006, 0x4d, 0x6, 0x6, 0x9, 0x5, 0xffdf2d37, 0xffffff01, 0xf, 0x3, 0x0, 0x5, 0x2c, 0x1, 0x7, 0x3c5b, 0x1, 0x20, 0x81, 0x7e, 0x5, 0xffffffff, 0xe661, 0x4, 0x7, 0x5, 0x8, 0x4c74, 0x5bc, 0x40000, 0x3, 0xe, 0x0, 0x80008071, 0x7, 0x17, 0x1, 0x407, 0x6, 0x3f, 0x8f, 0x4006, 0x6, 0x0, 0xffffffff, 0x4, 0x8, 0x400, 0x10000080, 0x0, 0x5, 0x7, 0x8, 0x4, 0x0, 0x40], [0x10000007, 0xf0000000, 0x8000012f, 0x8004, 0x5, 0x6, 0x129432e6, 0xc8, 0xf9, 0xb, 0x2bf, 0x6c7, 0x9, 0xfffffffc, 0x3, 0x0, 0x0, 0x5, 0x2f, 0xe, 0x30f, 0x10, 0xea4, 0x7, 0x4, 0x7, 0x7fff, 0x5a7c, 0x420, 0x401, 0x6, 0xfffffffc, 0xff, 0x1, 0x1000005, 0x5f31, 0xd, 0x4e0, 0x2, 0x4, 0xb, 0x4, 0x9, 0x8, 0x9, 0x9, 0x47, 0x8000, 0x1, 0xfe000000, 0xffff, 0xfffffffe, 0x7, 0x2, 0x5, 0x3, 0x9, 0x2, 0x3, 0x6c0, 0xbc45, 0x48c93690, 0x42, 0x8], [0x4, 0x408, 0x8004, 0x5, 0xfffffffe, 0x100, 0x8d2, 0x3, 0x0, 0x7fff, 0x0, 0x5, 0x8000000b, 0x40000004, 0x9, 0x55f, 0x4, 0x1ef, 0x8, 0x8, 0x10000, 0x3, 0x5, 0x3e7, 0xb, 0x5, 0x2, 0x2, 0x3, 0x20000008, 0x4, 0x6d01, 0x5, 0x1, 0x800003, 0x4000200, 0x80, 0x3, 0x4, 0x2950bfaf, 0xffe, 0xa2, 0x7, 0xa9, 0x8005, 0x9, 0xac8, 0xbf, 0x2, 0x3, 0x7ff, 0x12b, 0x4, 0x1, 0x4800000, 0x0, 0x5, 0x1c, 0x120000, 0x0, 0x2006, 0x80a2ed, 0x4, 0x1ff], [0x9, 0xbb33, 0x7, 0xb, 0x7fff, 0x938, 0x6, 0x6, 0x4, 0xb9, 0xce7, 0x9, 0x2, 0x57, 0x2, 0x3, 0x101, 0x8, 0x5, 0xfffffff9, 0xffff, 0x2000a620, 0x2, 0x5, 0xfffffffd, 0x2, 0x5, 0xe7, 0x6, 0x3, 0xffffffff, 0x80000003, 0x5, 0x4, 0xc8, 0xa, 0x3, 0x10000, 0x7, 0x7e, 0x100, 0x7f, 0x107, 0x2, 0x8, 0x6, 0x226, 0x5, 0x5, 0x8, 0x30b1d693, 0x4a1f, 0xf40, 0x7, 0x1, 0x6c1b, 0x0, 0x4, 0x5, 0xb1e, 0xd7, 0x200, 0xffff3441, 0xfff]}, 0x45c) socket$inet_sctp(0x2, 0x1, 0x84) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000680)=ANY=[@ANYBLOB="4c00000010004b042200000000", @ANYRES32=0x0, @ANYBLOB="00000000000000002c0012800b00010062726964676500001c000280080004000000000008000000050016"], 0x4c}, 0x1, 0x0, 0x0, 0x200400a0}, 0x0) r2 = syz_open_dev$sndmidi(&(0x7f0000000100), 0x2, 0x141121) r3 = dup(r2) write$6lowpan_enable(r3, &(0x7f0000000000)='0', 0xfffffd2c) mkdirat(0xffffffffffffff9c, 0x0, 0x0) setsockopt$sock_linger(0xffffffffffffffff, 0x1, 0x3c, 0x0, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000140)={0xa, 0x4e27, 0xffffffff, @ipv4={'\x00', '\xff\xff', @rand_addr=0x64010100}, 0xd}, 0x1c) sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000003cc0)=[{{0x0, 0x0, &(0x7f0000003980), 0x171}}], 0x400000000000172, 0x4001c00) syz_open_dev$vim2m(&(0x7f00000001c0), 0x7fffffff, 0x2) socket$inet_tcp(0x2, 0x1, 0x0) ppoll(&(0x7f00000000c0)=[{}, {}], 0x20000000000000dc, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_PIT2(r0, 0x4040ae77, &(0x7f0000000080)={0x3}) r4 = socket$alg(0x26, 0x5, 0x0) bind$alg(r4, &(0x7f00000000c0)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128-generic\x00'}, 0x58) syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x48501) r5 = syz_open_dev$sndpcmp(&(0x7f00000001c0), 0x0, 0x0) ioctl$SNDRV_PCM_IOCTL_UNLINK(r5, 0x40044160, 0x3) r6 = accept4(r4, 0x0, 0x0, 0x0) setsockopt$ALG_SET_KEY(r4, 0x117, 0x1, &(0x7f0000000200)="ad00"/16, 0x10) sendmmsg$unix(r6, &(0x7f0000003dc0)=[{{&(0x7f0000000000)=@file={0x0, './file0\x00'}, 0x6e, 0x0, 0x0, 0x0, 0x0, 0x9802}}, {{&(0x7f0000000280)=@file={0x0, './file0\x00'}, 0x6e, 0x0}}], 0x299, 0x0) r7 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000000)={'bridge_slave_0\x00'}) 11.778625493s ago: executing program 3 (id=2421): bpf$PROG_LOAD(0x5, 0x0, 0x0) syz_emit_ethernet(0x82, &(0x7f0000000580)=ANY=[@ANYBLOB="cf599d3baed500000000000086dd60f20000004c2c00fe8000000000000000000000000000bbfe8000000000000000000000000000aa0006000800"], 0x0) syz_emit_ethernet(0x46, &(0x7f0000000000)=ANY=[@ANYBLOB="ffffffffffffffffffffffff86dd6060626000102c00fe8000000000000000000000000000bbfe80000000000000000000004c0000aa88000001"], 0x0) 11.697381789s ago: executing program 3 (id=2423): bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000180)={0xd, 0x4, &(0x7f0000001300)=@framed={{}, [@ldst={0x1, 0x0, 0x3, 0x2, 0x1, 0xc4}], {0x95, 0x0, 0x10}}, &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xe, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) r0 = socket(0x10, 0x3, 0x4) sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000300)=@newqdisc={0x24, 0x14, 0x2, 0x2, 0x25dfdbfd, {0x2, 0x0, 0x0, 0x0, {0xfff2, 0x10}, {0x7, 0x1}}}, 0x24}}, 0x0) 11.697064988s ago: executing program 3 (id=2425): mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0) unshare(0x20000400) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x10, 0x3, &(0x7f0000000480)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000500)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_msg, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000240)={r0, 0xffffffffffffffff, 0x2c, 0x0, @void}, 0x10) mount$fuse(0x0, 0x0, 0x0, 0x2b38094, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0]) mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400)) chdir(&(0x7f0000000080)='./file1\x00') r1 = open(&(0x7f0000000000)='.\x00', 0x0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x102) mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x0, 0x0) open(&(0x7f0000000140)='./file0\x00', 0x0, 0x0) ioctl$AUTOFS_IOC_PROTOSUBVER(r1, 0x40049366, 0x0) 11.633792193s ago: executing program 3 (id=2427): socket$nl_route(0x10, 0x3, 0x0) openat$pfkey(0xffffffffffffff9c, &(0x7f0000001580), 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) uname(0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r1 = dup(r0) write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c) socket$packet(0x11, 0x3, 0x300) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="1b000000000000000000", @ANYRES32=r1, @ANYBLOB="03000000000000000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB], 0x50) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00'}, 0x2d) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000440)=ANY=[@ANYBLOB="440000001000010400000000000000000000000f", @ANYRES32=0x0, @ANYBLOB="0000000000000000140012800b0001006261746164760000040002800800", @ANYRES64], 0x44}}, 0x0) 2.773618851s ago: executing program 2 (id=2492): r0 = syz_init_net_socket$rose(0xb, 0x5, 0x0) listen(r0, 0x6) (async) connect$rose(r0, &(0x7f0000000040)=@short={0xb, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, 0x1, @null}, 0x1c) (async, rerun: 64) mkdir(&(0x7f0000000040)='./bus\x00', 0x100) (rerun: 64) syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) (async) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)=@newtaction={0x8c, 0x30, 0x1, 0x0, 0x0, {}, [{0x78, 0x1, [@m_ct={0x2c, 0x10, 0x0, 0x0, {{0x7}, {0x4}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x0, 0x0, 0x5}}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x8c}, 0x1, 0x0, 0x0, 0x804}, 0x0) (async, rerun: 64) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) (rerun: 64) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) (async, rerun: 64) r1 = getpid() (rerun: 64) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) (async) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) (async) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x0, 0x8020) (async) sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2) (async) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) (async) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0) epoll_create(0x10) socket$netlink(0x10, 0x3, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0) (async) mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x0, &(0x7f0000000c00)=ANY=[@ANYBLOB="56c78e3c733d76697274696f2c6e6f657874656e642c6163638173733d616e792c63616368653d667363616368652c76657273696f6e3d3970323030302e75"]) chdir(&(0x7f0000000300)='./file0\x00') (async, rerun: 64) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='blkio.throttle.io_service_bytes_recursive\x00', 0x275a, 0x0) (rerun: 64) write$binfmt_script(r4, &(0x7f0000000100), 0xfffffd9d) (async) socket$key(0xf, 0x3, 0x2) (async) recvmmsg$unix(0xffffffffffffffff, &(0x7f0000000440)=[{{&(0x7f0000000340)=@abs, 0x6e, &(0x7f0000000040)=[{&(0x7f00000003c0)=""/98, 0x62}], 0x1, &(0x7f00000005c0)=[@cred={{0x18}}, @rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0xc}}, @rights={{0x20, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}], 0x5c}}], 0x1, 0x10160, 0x0) (async, rerun: 32) r5 = socket$nl_xfrm(0x10, 0x3, 0x6) (rerun: 32) sendmsg$nl_xfrm(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000680)=@newsa={0x150, 0x10, 0x633, 0x0, 0x0, {{@in6=@private0, @in=@broadcast, 0x0, 0x4004, 0x0, 0x8001, 0x0, 0x20, 0x0, 0x84}, {@in=@rand_addr=0x64010101, 0x0, 0x32}, @in6=@dev={0xfe, 0x80, '\x00', 0xb}, {0x323}, {0x727, 0x0, 0x1000000}, {0x0, 0x0, 0x80000001}, 0x70bd29, 0x0, 0xa, 0x2}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}, @encap={0x1c, 0x4, {0x2, 0x4e21, 0x0, @in6=@private1}}]}, 0x111}}, 0x0) (async) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='blkio.throttle.io_service_bytes_recursive\x00', 0x275a, 0x0) 2.34195036s ago: executing program 2 (id=2500): bpf$PROG_LOAD(0x5, 0x0, 0x0) syz_emit_ethernet(0x82, &(0x7f0000000580)=ANY=[@ANYBLOB="cf599d3baed500000000000086dd60f20000004c2c00fe8000000000000000000000000000bbfe8000000000000000000000000000aa0006000800"], 0x0) syz_emit_ethernet(0x46, &(0x7f0000000000)=ANY=[@ANYBLOB="ffffffffffffffffffffffff86dd6060626000102c00fe8000000000000000000000000000bbfe80000000000000000000004c0000aa88000001"], 0x0) 2.341779195s ago: executing program 2 (id=2501): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x40241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r1 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) write$tun(r0, &(0x7f0000000240)=ANY=[@ANYBLOB="000086dd0500560008005400000060ec970001983a00fc000018c6ba35000000000000000700ff020000000000000000000000000001000000000000000000000000000000000000000000000500860090780000000000000000000000000000ee3f000000002b036f8c006e75021d683910c3090b3188a7c747eb2278a273c1b800294429118927"], 0xfdef) 1.217904082s ago: executing program 1 (id=2508): r0 = socket$kcm(0x10, 0x2, 0x0) r1 = socket$inet6(0xa, 0x80002, 0x0) getsockopt$inet6_int(r1, 0x29, 0x4, 0x0, &(0x7f00000001c0)) sendmsg$inet(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000240)="5c00000013006bcd9e3fe3dc4e48aa31086b8703410000004000000000000000040014000d000a00100000009ee517d34460bc08eab556a705251e6182949a3651f60a84c9f5d1938817e786a6d0bdd7fcf50e4509c5bb5a00f69853", 0x5c}], 0x1, 0x0, 0x0, 0x1f000801}, 0x0) 1.151139363s ago: executing program 4 (id=2509): socket$nl_route(0x10, 0x3, 0x0) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0) ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000180)={'gretap0\x00', 0x0}) openat$uinput(0xffffffffffffff9c, 0x0, 0x2, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0a00000001000000e27f000001"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x0, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="180000000000000000000000000000001811000003fa19b02ca2411cf8a261acc2930a4fdc8c9a802826d531c26c2798dbb95a454fa166941d17ecd6ff4aad3ee6afda8a8bb1fc", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000030000009500000000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffad, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r1}, 0x10) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000002c0), &(0x7f0000000740), 0x80000002, r0}, 0x38) 1.150938684s ago: executing program 1 (id=2510): openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, 0x0) ioctl$SCSI_IOCTL_SEND_COMMAND(0xffffffffffffffff, 0x1, 0x0) sched_setattr(0x0, 0x0, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mkdir(&(0x7f0000000100)='./file1\x00', 0x13b) mkdir(&(0x7f0000000000)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000380)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]}) ioprio_set$uid(0x3, 0x0, 0x0) chdir(&(0x7f0000000140)='./bus\x00') r0 = open(&(0x7f0000000580)='./file1\x00', 0x80242, 0x1df2a23c5997fa5f) write$FUSE_CREATE_OPEN(r0, &(0x7f0000000180)={0xa0, 0xffffffffffffffda, 0x0, {{0x4, 0x3, 0x5, 0x6, 0x3, 0x1, {0x20000000, 0x9, 0x20ff, 0x5, 0x89, 0x400, 0x9, 0x7fffffff, 0xfffffffe, 0x8000, 0x0, 0x0, 0x0, 0x3ff, 0x1}}, {0x0, 0x13}}}, 0xa0) sendfile(r0, r0, &(0x7f0000000080), 0xff) 1.134437973s ago: executing program 1 (id=2511): mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000100)={0x12, 0x4, &(0x7f0000000000)=@framed={{}, [@ldst={0x1, 0x0, 0x3, 0x2, 0x1, 0xffffffffffffffd4}]}, &(0x7f0000000300)='syzkaller\x00', 0x0, 0x0, 0x0, 0x61800, 0x0, '\x00', 0x0, 0xa, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) mount$9p_virtio(&(0x7f0000000180), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x40, 0x0) chdir(&(0x7f0000000100)='./file0\x00') openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='devices.list\x00', 0x275a, 0x0) (async) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='devices.list\x00', 0x275a, 0x0) write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f0000000740)={0x30}, 0x30) syz_emit_ethernet(0x36, &(0x7f00000001c0)={@link_local, @remote, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x2, 0x0, @empty, @broadcast}, @timestamp_reply={0x12, 0x0, 0x0, 0xe000, 0x2, 0x5}}}}}, 0x0) writev(r0, &(0x7f0000000000)=[{&(0x7f00000001c0)="86568a7913f018828c0e52d428f671103140f7e8884a2794a1b3f2f24a02eb9583721024fed6e2f6fa837f4577f7e26e4cc9985304fe869d18ec90d2da4ca25119b12e754cc64f018f75998b8f9101b9bcd0ee61122c83f870cab39ddeca2b26f04c44cd99729a629ce158f2febe0a3947b9863be4fd3739cf1d53eac0c8fa176deba70b1482456894a627dac63659afac15071f74046646e46785a7beaf4a1ab14550b16b3544c1439c7dc1122100f967325b6f269cb84af0dd405df5b506454282c2b7653202eb5eb5e838fbc3", 0xce}], 0x1) (async) writev(r0, &(0x7f0000000000)=[{&(0x7f00000001c0)="86568a7913f018828c0e52d428f671103140f7e8884a2794a1b3f2f24a02eb9583721024fed6e2f6fa837f4577f7e26e4cc9985304fe869d18ec90d2da4ca25119b12e754cc64f018f75998b8f9101b9bcd0ee61122c83f870cab39ddeca2b26f04c44cd99729a629ce158f2febe0a3947b9863be4fd3739cf1d53eac0c8fa176deba70b1482456894a627dac63659afac15071f74046646e46785a7beaf4a1ab14550b16b3544c1439c7dc1122100f967325b6f269cb84af0dd405df5b506454282c2b7653202eb5eb5e838fbc3", 0xce}], 0x1) r1 = add_key(&(0x7f0000000000)='big_key\x00', &(0x7f0000000280)={'syz', 0x1}, &(0x7f00000002c0)="1d", 0xfe3a, 0xfffffffffffffffe) keyctl$dh_compute(0x17, &(0x7f0000000040)={r1, r1, r1}, 0x0, 0x0, 0x0) (async) keyctl$dh_compute(0x17, &(0x7f0000000040)={r1, r1, r1}, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000340)) (async) prctl$PR_SCHED_CORE(0x3e, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000340)) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x12, r0, 0x0) memfd_create(&(0x7f00000000c0)='y\x105\xfb\xf7u\x83%\x1f\xe0\x00\x00\x00\x00\x00\x00\xfe,\x1c\xf1\xdd\xcf]\xac\xbc\t\xbb\xfc\xa4j\x9f\xceX\x8f5=\xaa\xd5\xe9n\xab s\xa5\x00\x8d\tV\t\x91\x18\x06O\xb0=D\xda\xb6F\x1a\xc82\x8b\xc0l\xd0\x89d\xe6\xb7\xd8\x97\xb8\xde\xa3\x89\"%/u\x17\xdam\x8d\x01Lh\x1e^\x9ej\x1c\xc5\xf0\xf6\x92\x05\x9aH\x14\'\xd4\x94d\xad\x0f\xa8\xc5\xad\x001\x8b%b\x03\x00\x00\x00\x00\x00\x00\x00\nj\x8c\xef\x90\xc0Z\xfa\x1a\xb3\xf0wVq\xe9d\xf8N\x80\xd1g\xd8e\xc8\x16\xad1\x02\xab\xce3\xb2\xb0\xd1\x11\xf0\xc2Gj+kV\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00&=s\xc3\xb9W)\x98\xaf\x06\x0e&\xc0\x8b\xae\xdb\x19\x1d\x12\x92\x97\x86\xf0\x12f\xfa\x89\xc7\xd8I\xf6\x9b 5\x01', 0x4) 1.047449208s ago: executing program 4 (id=2512): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000600)={0x26, 'skcipher\x00', 0x0, 0x0, 'cts(cbc(blowfish))\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0x0) r1 = accept4(r0, 0x0, 0x0, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f00000002c0), r1) sendmsg$alg(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000140)="8492d8fb00bbca503b872d9d51d426beafa55a", 0x13}, {&(0x7f0000000680)="6923083a5342cd0365124079579b577c8510ffb89c73a2e86c44e45f094d07f82d9b01abb8ae9073abca1fd99c5018d1fd4647de2008ac15557c42ae8c36abc745df91d3a2464a9a55ee5b455519196ead20f21910e37836ca056a1e88d2963a37c90e0a58231afdacdef8bc8faa052132b6361c86007413328b38ccf67a2d39e4", 0x81}], 0x2, &(0x7f0000000480)=[@op={0x10, 0x117, 0x3, 0x1}], 0x10, 0x10}, 0x40804) 1.047216576s ago: executing program 1 (id=2513): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000640)={0x18, 0x5, &(0x7f0000000100)=ANY=[@ANYBLOB="18000000090f04000000000000000000850000000f000000850000007d00000095"], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x40, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000500)='sys_exit\x00', r0}, 0x10) r1 = fsopen(&(0x7f0000000080)='ramfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r1, 0x6, 0x0, 0x0, 0x0) r2 = fsmount(r1, 0x0, 0x0) symlinkat(&(0x7f0000000000)='.\x00', r2, &(0x7f0000000140)='./file0\x00') readlinkat(r2, &(0x7f00000001c0)='./file0/../file0\x00', &(0x7f00000002c0)=""/204, 0xcc) 1.046516488s ago: executing program 4 (id=2514): r0 = openat$ttyprintk(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'wlan1\x00'}) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000480)={0x0}, 0x18) setfsuid(0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) openat$misdntimer(0xffffff9c, &(0x7f0000000040), 0x143, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000680)=ANY=[@ANYBLOB="1200000004000000040000001200000000000000", @ANYBLOB="a54baa6446b4638b802e458656a6161b3f1327092c59c8a8810a090cd01a3d85a7a56a7768a792caa91632bce2c7aabba8f6fbbd258ff08a248f74221ebc6835695e1c39a23188862f9b350a63f5bf0484dabc232812b59dcfa9c76a5320287e325c7308bc", @ANYBLOB="03000000009aadc8a7c547fbfc460c0000000000000000002100000093", @ANYBLOB="8f2d60f191316ddbff5836434723a64936c248df6ea18af97b104575caf8049b132a761b37b248b60b3d11b6fde95afebae5e0928c6c0e62449a60f484533af081dd711fd4bf0ea25eb58bfdbdfb508b140c09bb", @ANYRES16=r0, @ANYRESHEX=r2], 0x50) r3 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r3, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) sendmsg$tipc(0xffffffffffffffff, 0x0, 0xc044054) ptrace$ARCH_MAP_VDSO_X32(0x1e, 0x0, 0x2, 0x2001) syz_open_dev$tty1(0xc, 0x4, 0x3) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x20000000000, 0x0, 0x100, 0x0, 0x1000001000, 0x49}, 0x0, &(0x7f00000002c0)={0x3ff, 0x7, 0x0, 0x9, 0x86, 0xfffffffffffffffe, 0x80000002}, 0x0, 0x0) r4 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000640), 0x240, 0x0) r5 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$SW_SYNC_IOC_CREATE_FENCE(r5, 0xc0285700, &(0x7f0000000100)={0x1b, "5660359c3245d1c42717afad7d48ed21d3a10810639d0f01000000000000f200", 0xffffffffffffffff}) ioctl$SW_SYNC_IOC_CREATE_FENCE(r4, 0xc0285700, &(0x7f0000000180)={0x1000, "340b7832ceefd131b8e6498c25f58fad9987ffe93bbabd18cf501922de974a27", 0xffffffffffffffff}) ioctl$SYNC_IOC_MERGE(r7, 0xc0303e03, &(0x7f0000001300)={"3c24139ad44aec57f2e2ad238a14fd00", r6, 0xffffffffffffffff}) ppoll(&(0x7f0000001280)=[{r8}, {r6, 0x410c}], 0x2, 0x0, 0x0, 0x0) close_range(r4, 0xffffffffffffffff, 0x0) close_range(r1, 0xffffffffffffffff, 0x0) socket$nl_route(0x10, 0x3, 0x0) 875.222322ms ago: executing program 1 (id=2515): r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000680)={0x18, 0x10, &(0x7f0000000f40)=ANY=[@ANYRES16, @ANYRES32, @ANYRES64, @ANYBLOB="7591c0f0f05637045927b483094a005210569e232d1e71ffd00949", @ANYRES32, @ANYRES16=r0, @ANYBLOB="b9f48c2f5c900cfe2f830b274cac1ee33f47317355eff1ee0e3c9c2b90ebc49667ff01c25d93813cb7766507cd96193515167bb6c226439f155b4e5b6f6b8b34eaddb537c630fa2ac18cf55201fb31b3671cb0b720af1dd9ef69240e6ca098de0bf2ee93d4a7a0b84d68e6368f3c05cdb9511fc766b67dc80886e0ed2ea4349c5abdad11a1fc72d114cbdfa064794ca5b5c3d4c8457c461cd1294e3c725722b56c8b95dbd9bd72c61971dffa20959ca82a0f7b4245aa8418f365a9c4336f13464365286845c9e6fe67bf68462f6fdc1963f2910989ae30e5e45a28f652c2cabb01cfb5d556fac0c18bb551b02f0630527cbdc2c3e93c5c79690a95ae970e17473609062323b4bae58fbd284824da407abe35d9bd03ad3165a7b8db2c925c5baa6af1d15980ac6f52b23600f22017731aea9c6cbb5d5b56f86906bc633dadf99506a20a2aec990af5d30f2a293ae39554b833f116d85837abcdb71aaa1dc9e1b13b2af1f7a614b61e94cc81890e9b3b174eff798e33a5dec5b9973733866bf3de932ebd273b9fc8f73f804bec1869e52daff666f1d8b6f4062ef453b83c42b6d4fdacbde9a6803414e18a57a4a3fbab3cf700013c29dd2e3b9adee0ca85e9ba6199b2eefc9b8c3d5f745115883c83eee657da722e750c55fd27ad924ee960108b54742aa4547bd969438e05b16073fb09d7fa5ecd1e9a1866d92792544965483bf238ca74634e8c588ed74b9af7af410643fd7fe14d586af5202f2546686eed57e6e1954c3e3881edf9ca32543f99909973c9d614a601af8bc743f7f0e3764f77731251efc5a85ba808c0a5e0905b1ff96510ebb58e50953569e8473302e06d4e4944634ea7e557662fd9de67573bad21f96d9d47e69703c55a30f81275d231a21750c2d621b5e1963c1e9f05caa0a008f40ee57f4e7e3ede528ddbba58a49ecf0a652d2d21d2e0b692234754b36ef61ef0ae63de98c45a247d0598c3453bdab62ee594d5e3ca967ba3801470068bb774b2b97955b3195545e5543f442d712048a304ec132be8dd69c8064df7c73606c54e293d6f219a97aa9391ca7808832867946dd5378a916032d7b921b2eae60d724a6e7b0f1fe76780bd389b7f0a0bf6846c6b66c4ab3457d2b4887554b64588514978eb1ffa6e1d664722c184160a559269289e2d0f67c23a4119f426f613c9cb3536d53a2b2121c4b29e6e3deea8a355026c330e69493624f291306b0e425b2c84230166fcd94afe1f0a0671c4b2e51713cbc61df356e9b5fb5b23182ae8ec1c3f830b1f3277ae4b9df881dcb2c436a7abfe39d218587411ed7cb6169dedf85602fc7b0685597eae6dadce651e951f3248e1a509f34fe2eff1ff8fa65e805328b6a874c77bc2904f13dbb49bdbfa694aa36fe0b5f47b1095c5314158ad129ed03e09f5c4c91fef0c5e1cbe8a3a7e0a03720c12e3f055ae7835ea366e74b3bf206896aaff15b9ccfb10b884a69ca447a724396a179c5c47dbd2d2c0d802f8f14d5fde9adcd000317e8047d65fb5c6d1dcc5731c3f9ad4d861f44dd322f811132d8cc7f5bdc727cd9c61d36e3d8b3f4ebb0400aa3889b87aaf9cfe3866ec30afe653814d8067d43e565318d899dafc99420d1a6f409f7ec644c9515e450a544b59e1e9df6d1ea3e2b1f9f24b068f7a60602e9073d1c88d1fb60c42d91237d1bd9cb796b4c823ae8edefa34b0b8f60a3c429a664a23ebddc0ad874c1425a1ccb7189fe5288ca1f7143d20e912047990236a79787f957c5c58cc6db2e07e3b7b035e5988ef2e3433596322a0eb99fc4ce1a9356c371797aad68230a67072f8309cfab2d6ebaba84b792c7ecdad7baa4e6aed06fc6b8ec9ab34707c24288b315318fa609e8e1e30f2a22d301117ed49224195524bf2c5c4ae6af985cd3e9e95bb8c1f0602e33eda327e6bf3bfc5dca52179a89b62ff804f2859a5558385582499b199298010ca20f13837e8377d4272e3b51b52b946f9b4bea6f3dfc96c8edf624de3baf8396aafbde40e668ad6754f60e7b4818016eed4e1dd23cbed1942195845969603cb9ef2e952d2557a7fc7badb26bf08eaa51d1159d3816f2ba0bffb5237c0659ccd47fc36dce0b78dbdd8d786e3cae466031ce38bad0f9843013ded66ac62ee8498b10c2aa8f5c5ef8f93427223ae5d935b0887a94547dfd9b78886f5a2e4a6b173bc711558432ffe0b8f081862e5dc57dfdffa8b3a6a2c0d740cfcfd7721967ac3e6505afb484b30bf04869b9ebb69415483994187675e7169c400e8f2809f4810bbe5b4bac8164358781c9fbffe2c18e6d39389aab455292d398f6441e13e456115391b23695dda2a22fd6b40d6d29497ad2667cd0b0aa810803b643114f9ec9617f9e63d263ab6282255b03f1357d738d43e871fd85b39adcf87638d747b773ede16a17d3ff6392ba48168134a97413b55576c99eed08ee16cf869c17a41566a0df24fb0279948c57abb959444dad5dc6dc5c27aa53216d3c72d22e0c5b4c3d422bfc53ca602e44a91b74dc6daf36155603e2ce1b4389e02c664000eda45115b7eb616873f7c9092ae93c2373d4af1d45f9a31c3e08f4323ac5bbf3102cb05e380d60ec85b543e11ee9c2068f09a150f4043a92669fa2caffb7f89f9f844597088b6f3a4aa08490a6511e29228edd65fa866bb36ea6f86b650a9b99a71d417c48f1f0cb5288103a5d787fa5247ddaad32bc16e8c9f8e86665b751665a17461b2c89fc894fd1c21965aa27cf98360ecb15ac564e0c2f47854bddee2cf45163a151306bdf21297201552f0000b28d67bf78d066f46d3c27c924f3e33013dcaa70c5c468fa481264ed15350ae841334874f1fcb98428ff006d7a4dd08794e3d143f8c2aa9d1e030098b222814d76145cbb1a8039de807941b2763e9fde45ddebe00484a91fe372fb866bca28bc016c4ea2f6dd78997f76b1c4f8d00ca829cda1738d09576127a6e4c1cfa333f891568cf21c60b831d609f567bfe544983567433c61b6bec9eec588ac0f26da238568b9f62f831fb3b8483bfd2915bb3c638d96093d0bdbeff65e97b16be680b9e77c9b4f6be1a5a77e235f60fa1d4fe1ce8c1a1902485bcb6d8cf4d8aecf714d2cfe2c8e44c092730f26f86e6974295fc98cb71a8970e802df6054cf1705d9ee0fc5efd0ea89cb171483cc45aa5b731e1496e389031a929d9a4adec9e8fbb7f09d4d2625433c3139bae2a36ce0cb781c37e00ca9e490509bf7d4618282d541c1bd02676e87d134a812c1addd81385b58953d884a9c84a81dcde41bfc0a9ccfd477b9f1a1357b5e37fcfc511255f256405016d2ff721bd88b1303f30970a23940f5d71b685fd930f1b44914114491d13043ed83cf2e18c482a1f44e9e7334c1b2476b7ca9405474da1d78b5a5124f27b7d7d68e71d180eb93bb714156d665392f01129adbf2d02819f8ea90c28717d990d6a7cad35cdcce2b5cb2047e4acc13cefb7fed0e2d4cdab25b1057e490a75f00c172952519a40add1393c7aecf779d5bde96f2b190e52456b9c7dbb9d9a29f810b513228c2db551daf34ce19ce2a00a78bef4426351a035c8672a134814a521207e35852af4fc5811b7d0c1917188b104236ab22564ade6cbb4f59ad6070f2462310b3b89ef3b065d194d2f30c81391de5fced011af3791549f5bd30efedcce3b1222ab765ae75a65a61d9664750daa783a88bc4fc3ba0018a13716d574139ce34d71b143b0a664f04c4d1d643c5ef4754a098ae5f57e7450be3b6c4dd03030780235b713de964684d08ff217f3b0b29241679755f5a2a5b0a7d464a36e31d62fca29617e55a314fb0ddbc6075bb107af76399e744151ea4354219c4539f6459364ebc4ec4dc16c987e3bc571b7acae4798b68b4b82967b3155f80f0b47aa400d964a02fcd7cd51ab5417937a06a5c86fd9690ae0a7872d340fea5b8370e1bdf33a608567e80d560d98b5b4ff3f2878f1034719d2331c2c"], &(0x7f0000000000)='GPL\x00', 0x8, 0xaf, &(0x7f0000000140)=""/175, 0x41000, 0x12, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37, @void, @value}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) sendmsg$MPTCP_PM_CMD_FLUSH_ADDRS(0xffffffffffffffff, 0x0, 0x800) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setaffinity(0x0, 0xfffffffffffffc33, &(0x7f0000000280)=0x2) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000280)={{}, &(0x7f0000000200), &(0x7f0000000240)}, 0x20) r4 = syz_open_dev$evdev(&(0x7f0000000080), 0x0, 0x802) ioctl$EVIOCGKEY(r4, 0x80404518, 0x0) ioctl$F2FS_IOC_GARBAGE_COLLECT(r2, 0x80004519, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) mount(&(0x7f00000001c0)=@filename='./file0\x00', &(0x7f00000000c0)='./file0\x00', &(0x7f0000001200)='vfat\x00', 0x0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x20) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000400)={0xffffffffffffffff, 0xe0, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, &(0x7f0000000140), &(0x7f0000000200), 0x8, 0x0, 0x8, 0x0, 0x0}}, 0x10) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000240)=@bpf_lsm={0x18, 0x7, &(0x7f0000000180)=ANY=[@ANYBLOB="8510000004000000950000000000000018000000000000000000000000000000950000f6ff00000085100000fcffffff9500000000000000"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x78) 171.434013ms ago: executing program 4 (id=2516): openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, 0x0) ioctl$SCSI_IOCTL_SEND_COMMAND(0xffffffffffffffff, 0x1, 0x0) sched_setattr(0x0, 0x0, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mkdir(&(0x7f0000000100)='./file1\x00', 0x13b) mkdir(&(0x7f0000000040)='./file1\x00', 0x1e0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000380)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]}) ioprio_set$uid(0x3, 0x0, 0x0) chdir(&(0x7f0000000140)='./bus\x00') r0 = open(&(0x7f0000000580)='./file1\x00', 0x80242, 0x1df2a23c5997fa5f) write$FUSE_CREATE_OPEN(r0, &(0x7f0000000180)={0xa0, 0xffffffffffffffda, 0x0, {{0x4, 0x3, 0x5, 0x6, 0x3, 0x1, {0x20000000, 0x9, 0x20ff, 0x5, 0x89, 0x400, 0x9, 0x7fffffff, 0xfffffffe, 0x8000, 0x0, 0x0, 0x0, 0x3ff, 0x1}}, {0x0, 0x13}}}, 0xa0) sendfile(r0, r0, &(0x7f0000000080), 0xff) 171.230328ms ago: executing program 2 (id=2517): r0 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000000), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_LINKMODES_SET(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000040)={0x44, r0, 0x7, 0x0, 0x0, {}, [@ETHTOOL_A_LINKMODES_OURS={0x18, 0x3, 0x0, 0x1, [@ETHTOOL_A_BITSET_VALUE={0x8, 0x4, '\x00\x00 \x00'}, @ETHTOOL_A_BITSET_SIZE={0x8, 0x2, 0x20}, @ETHTOOL_A_BITSET_NOMASK={0x4}]}, @ETHTOOL_A_LINKMODES_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'syz_tun\x00'}]}]}, 0x44}, 0x1, 0x0, 0x0, 0x1}, 0x8000) 171.115248ms ago: executing program 4 (id=2518): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x40241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r1 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) write$tun(r0, &(0x7f0000000240)=ANY=[@ANYBLOB="000086dd0500560008005400000060ec970001983a00fc000018c6ba35000000000000000700ff020000000000000000000000000001003300000000000000000000000000000000000000000000860090780000000000000000000000000000ee3f000000002b036f8c006e75021d683910c3090b3188a7c747eb2278a273c1b80029442911892704"], 0xfdef) 114.180188ms ago: executing program 2 (id=2519): bpf$PROG_LOAD(0x5, 0x0, 0x0) syz_emit_ethernet(0x82, &(0x7f0000000580)=ANY=[@ANYBLOB="cf599d3baed500000000000086dd60f20000004c2c00fe8000000000000000000000000000bbfe8000000000000000000000000000aa0006000800"], 0x0) syz_emit_ethernet(0x46, &(0x7f0000000000)=ANY=[@ANYBLOB="ffffffffffffffffffffffff86dd6060626000102c00fe8000000000000000000000000000bbfe8000000000000000000000004000aa88000001"], 0x0) 113.537863ms ago: executing program 2 (id=2520): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$inet_smc(0x2b, 0x1, 0x0) ioctl$sock_SIOCGIFVLAN_ADD_VLAN_CMD(r1, 0x8982, &(0x7f00000000c0)={0x0, 'macsec0\x00', {0x3}, 0x8710}) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=@newlink={0x4c, 0x10, 0x439, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x9801}, [@IFLA_LINKINFO={0x2c, 0x12, 0x0, 0x1, @sit={{0x8}, {0x20, 0x2, 0x0, 0x1, [@IFLA_IPTUN_6RD_PREFIX={0x14, 0xb, @private0={0xfc, 0x0, '\x00', 0x1}}, @IFLA_IPTUN_REMOTE={0x8, 0x3, @broadcast}]}}}]}, 0x4c}}, 0x0) 153.451µs ago: executing program 1 (id=2521): r0 = socket$nl_route(0x10, 0x3, 0x0) bpf$TOKEN_CREATE(0x24, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x3, &(0x7f00000000c0)=ANY=[@ANYRES16=r0], &(0x7f0000000280)='GPL\x00', 0x3, 0xb9, &(0x7f0000000140)=""/185, 0x41100, 0x4, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37, @void, @value}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) syz_open_dev$vbi(&(0x7f0000000240), 0x3, 0x2) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x92880, 0x0) ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000140)={0x0, @pix_mp={0x0, 0x0, 0x34324152, 0x0, 0x6, [{}, {0x9}, {}, {}, {}, {}, {0x0, 0xba5b}, {0x0, 0xfffffffc}], 0x0, 0x0, 0x0, 0x0, 0x4}}) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) writev(0xffffffffffffffff, 0x0, 0x0) r3 = fsopen(&(0x7f0000000280)='ceph\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r3, 0x1, &(0x7f0000000b40)='source', &(0x7f0000000040)='c:::\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r3, 0x6, 0x0, 0x0, 0x0) r4 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r4}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) fsconfig$FSCONFIG_SET_STRING(r3, 0x1, &(0x7f0000000480)='\xf5\xfc\xd2\xec]\x95zx8*\xa2d\x11\xb5\xb1\x01\x00\x00\x00\xe49{\x8a{\x81s\xea$\xdfg\xb1\x03DY!\x97\xadM\xd7\xff\x8a\xcd[>\x12e\xc3]d8\xba\x8ec\x00\x00\x00\x00\x00\x00\x00\xa0\xe2\xd5y\xec\x90\x00\x98Y\x91\x19\x16\x89\xd0\x1a\xad\xcd\xd6\xd0\xc6\xb9\xeb\x95\xd3\x9cl\x9cu#\xb4\xee\xe5\x9d\t\fV\xd4\xda\xfc`2?\x15P\xba\x14b\x1c\xcc\xd5\xb9jA$s\xb9g3\x15M\xd9\xb9 \xca[\xc7\xec\xa9;\xee\x01\xc9\xc4\x1f\xc3\xe4\xfa\xd3fU\x0e\x86\xc8\xa7\xaf\xaf\x04p\xa3\x8bb\xbf\\\xdb\x83\x00\x96sy\x14\x1eo\xcc9&\x946\xf9\xf5v\xee\xb5m$;\x01\xb8\xeau\x00\xd1S=\x920H\xc2z\xb5\xbe\x95\xef\xeb\xd1\xc8\xa1\xba\xach\xbef\xa8\x86\xc2\x18\x9cC\x15\x9c^\xcf\xe9\xbcp\xb4Ff\x00\x9d>p\"\x19\xd8}|~\xae\xdb\a59f\xb8?\xba\xf2\x8e\xa5y\\\xf0\fkd??-\x983\xf3\x19\xc7\xc0/\xe9\x1a\x80=\xa72)\xd2\x00'/277, &(0x7f0000000340)='/\x00\x01\x00H\x98', 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) syz_genetlink_get_family_id$batadv(0x0, 0xffffffffffffffff) socket$nl_route(0x10, 0x3, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) 0s ago: executing program 4 (id=2522): pipe2$9p(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x4800) r2 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TCSETS2(r2, 0x402c542b, &(0x7f00000000c0)={0x0, 0x0, 0x1000, 0x10, 0xfe, "0e2092805b96fd01845531251637e116b87d15", 0x0, 0x2}) ioctl$EVIOCSFF(0xffffffffffffffff, 0x40304580, &(0x7f0000000240)={0x0, 0x2, 0x0, {0x0, 0x1}, {0x45, 0x2}, @rumble={0x42c, 0x1ff}}) r3 = syz_open_dev$evdev(&(0x7f0000000000), 0x1, 0x8c2b01) write$char_usb(r3, &(0x7f0000000040)="e2", 0x12d8) r4 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x101042, 0x0) mount$9p_fd(0x0, &(0x7f0000000000)='./file1\x00', &(0x7f0000000100), 0x0, &(0x7f0000000300)={'trans=fd,', {'rfdno', 0x3d, r4}, 0x2c, {'wfdno', 0x3d, r1}}) splice(r0, 0x0, r4, 0x0, 0x1fffffffffff, 0x0) kernel console output (not intermixed with test programs): 491][ T9] usb 7-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 186.065200][ T9] usb 7-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 186.067995][ T9568] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1014'. [ 186.068272][ T9] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 186.113415][ T9554] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 186.120284][ T9] usb 7-1: Quirk or no altset; falling back to MIDI 1.0 [ 186.468230][ T9571] netlink: 'syz.1.1017': attribute type 4 has an invalid length. [ 186.712286][ T9602] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1022'. [ 187.221822][ T9609] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1025'. [ 187.356305][ T9611] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1026'. [ 187.667298][ T1419] ieee802154 phy0 wpan0: encryption failed: -22 [ 187.669355][ T1419] ieee802154 phy1 wpan1: encryption failed: -22 [ 187.759029][ T9622] netlink: 36 bytes leftover after parsing attributes in process `syz.1.1030'. [ 187.823813][ T5955] Bluetooth: hci2: unexpected event 0x09 length: 6 > 3 [ 187.844811][ T9628] lo speed is unknown, defaulting to 1000 [ 187.857696][ T9628] lo speed is unknown, defaulting to 1000 [ 187.914498][ T29] usb 7-1: USB disconnect, device number 9 [ 187.953583][ T9624] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 188.091696][ T9640] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1036'. [ 188.435801][ T9658] lo speed is unknown, defaulting to 1000 [ 188.439785][ T9658] lo speed is unknown, defaulting to 1000 [ 188.553004][ T9667] syz.2.1039: attempt to access beyond end of device [ 188.553004][ T9667] nbd2: rw=0, sector=64, nr_sectors = 1 limit=0 [ 188.556958][ T9667] syz.2.1039: attempt to access beyond end of device [ 188.556958][ T9667] nbd2: rw=0, sector=256, nr_sectors = 1 limit=0 [ 188.561145][ T9667] UDF-fs: error (device nbd2): udf_read_tagged: read failed, block=256, location=256 [ 188.564159][ T9667] syz.2.1039: attempt to access beyond end of device [ 188.564159][ T9667] nbd2: rw=0, sector=512, nr_sectors = 1 limit=0 [ 188.570342][ T9667] UDF-fs: error (device nbd2): udf_read_tagged: read failed, block=512, location=512 [ 188.574993][ T9667] syz.2.1039: attempt to access beyond end of device [ 188.574993][ T9667] nbd2: rw=0, sector=64, nr_sectors = 2 limit=0 [ 188.581775][ T9667] syz.2.1039: attempt to access beyond end of device [ 188.581775][ T9667] nbd2: rw=0, sector=512, nr_sectors = 2 limit=0 [ 188.585740][ T9667] UDF-fs: error (device nbd2): udf_read_tagged: read failed, block=256, location=256 [ 188.588731][ T9667] syz.2.1039: attempt to access beyond end of device [ 188.588731][ T9667] nbd2: rw=0, sector=1024, nr_sectors = 2 limit=0 [ 188.589586][ T2136] usb 8-1: new high-speed USB device number 11 using dummy_hcd [ 188.593158][ T9667] UDF-fs: error (device nbd2): udf_read_tagged: read failed, block=512, location=512 [ 188.615301][ T9667] syz.2.1039: attempt to access beyond end of device [ 188.615301][ T9667] nbd2: rw=0, sector=64, nr_sectors = 4 limit=0 [ 188.619685][ T9667] syz.2.1039: attempt to access beyond end of device [ 188.619685][ T9667] nbd2: rw=0, sector=1024, nr_sectors = 4 limit=0 [ 188.623876][ T9667] UDF-fs: error (device nbd2): udf_read_tagged: read failed, block=256, location=256 [ 188.627355][ T9667] syz.2.1039: attempt to access beyond end of device [ 188.627355][ T9667] nbd2: rw=0, sector=2048, nr_sectors = 4 limit=0 [ 188.632766][ T9667] UDF-fs: error (device nbd2): udf_read_tagged: read failed, block=512, location=512 [ 188.635943][ T9667] syz.2.1039: attempt to access beyond end of device [ 188.635943][ T9667] nbd2: rw=0, sector=64, nr_sectors = 8 limit=0 [ 188.641039][ T9667] UDF-fs: error (device nbd2): udf_read_tagged: read failed, block=256, location=256 [ 188.644044][ T9667] UDF-fs: error (device nbd2): udf_read_tagged: read failed, block=512, location=512 [ 188.648040][ T9667] UDF-fs: warning (device nbd2): udf_fill_super: No partition found (1) [ 188.771131][ T2136] usb 8-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 188.774599][ T2136] usb 8-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 188.777694][ T2136] usb 8-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 188.780797][ T2136] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 188.787965][ T9653] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 188.793109][ T2136] usb 8-1: Quirk or no altset; falling back to MIDI 1.0 [ 188.916500][ T9683] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1044'. [ 188.985039][ T9685] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1045'. [ 189.120161][ T24] usb 8-1: USB disconnect, device number 11 [ 189.793766][ T9698] netlink: 'syz.1.1050': attribute type 1 has an invalid length. [ 189.809929][ T9698] 8021q: adding VLAN 0 to HW filter on device bond2 [ 189.862917][ T9698] bond2: (slave veth5): Enslaving as an active interface with a down link [ 189.874885][ T9698] bond2: (slave veth0_to_bond): Enslaving as an active interface with a down link [ 190.516201][ T9710] bond2: (slave veth0_to_bond): Releasing active interface [ 190.564629][ T9710] bond2: (slave veth5): Releasing active interface [ 190.779218][ T9716] input: syz1 as /devices/virtual/input/input14 [ 191.078922][ T9729] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1057'. [ 191.204620][ T9732] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci4/hci4:200/input15 [ 191.271565][ T9735] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1059'. [ 191.323336][ T5955] Bluetooth: hci1: Opcode 0x1003 failed: -110 [ 191.325616][ T5956] Bluetooth: hci1: command 0x1003 tx timeout [ 192.556719][ T9760] xt_bpf: check failed: parse error [ 192.697315][ T9767] bochs-drm 0000:00:01.0: vgaarb: VGA decodes changed: olddecodes=none,decodes=none:owns=io+mem [ 192.768605][ T9773] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1067'. [ 193.464671][ T9809] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1071'. [ 193.646681][ T9817] xt_bpf: check failed: parse error [ 193.664326][ T9814] input: syz0 as /devices/virtual/input/input16 [ 194.015820][ T9836] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1077'. [ 194.116493][ T9849] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1079'. [ 194.195288][ T9843] random: crng reseeded on system resumption [ 195.318073][ T9885] xt_bpf: check failed: parse error [ 196.380109][ T9890] netlink: 52 bytes leftover after parsing attributes in process `syz.2.1090'. [ 196.647319][ T9918] xt_bpf: check failed: parse error [ 196.744433][ T9923] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1099'. [ 196.814124][ T9930] overlayfs: failed to resolve './file0': -2 [ 196.838653][ T9934] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1102'. [ 196.842063][ T9934] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1102'. [ 196.845477][ T9934] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1102'. [ 196.849350][ T9934] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1102'. [ 196.853008][ T9934] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1102'. [ 197.198472][ T9954] xt_bpf: check failed: parse error [ 198.527095][ T9987] xt_bpf: check failed: parse error [ 198.575823][ T9993] overlayfs: failed to resolve './file0': -2 [ 199.936083][T10013] lo speed is unknown, defaulting to 1000 [ 199.946653][T10013] lo speed is unknown, defaulting to 1000 [ 200.013824][T10019] xt_bpf: check failed: parse error [ 200.049860][T10020] IPVS: stopping backup sync thread 10021 ... [ 200.189084][T10016] netlink: 'syz.1.1125': attribute type 4 has an invalid length. [ 200.204349][T10016] __nla_validate_parse: 29 callbacks suppressed [ 200.204361][T10016] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1125'. [ 200.214023][T10016] netlink: 60 bytes leftover after parsing attributes in process `syz.1.1125'. [ 200.610539][ T34] usb 7-1: new high-speed USB device number 10 using dummy_hcd [ 200.763336][ T34] usb 7-1: Using ep0 maxpacket: 8 [ 200.775191][ T34] usb 7-1: too many configurations: 17, using maximum allowed: 8 [ 200.794340][ T34] usb 7-1: config 0 has an invalid interface number: 143 but max is 0 [ 200.811540][ T34] usb 7-1: config 0 has no interface number 0 [ 200.834281][ T34] usb 7-1: config 0 has an invalid interface number: 143 but max is 0 [ 200.845346][ T34] usb 7-1: config 0 has no interface number 0 [ 200.861702][ T34] usb 7-1: config 0 has an invalid interface number: 143 but max is 0 [ 200.874825][ T34] usb 7-1: config 0 has no interface number 0 [ 200.904887][ T34] usb 7-1: config 0 has an invalid interface number: 143 but max is 0 [ 200.935279][ T34] usb 7-1: config 0 has no interface number 0 [ 200.952882][ T34] usb 7-1: config 0 has an invalid interface number: 143 but max is 0 [ 200.979681][ T34] usb 7-1: config 0 has no interface number 0 [ 201.008858][ T34] usb 7-1: config 0 has an invalid interface number: 143 but max is 0 [ 201.035334][ T34] usb 7-1: config 0 has no interface number 0 [ 201.055534][ T34] usb 7-1: config 0 has an invalid interface number: 143 but max is 0 [ 201.079171][ T34] usb 7-1: config 0 has no interface number 0 [ 201.101658][ T34] usb 7-1: config 0 has an invalid interface number: 143 but max is 0 [ 201.124265][ T34] usb 7-1: config 0 has no interface number 0 [ 201.155302][ T34] usb 7-1: New USB device found, idVendor=2058, idProduct=1005, bcdDevice=c1.9b [ 201.206476][ T34] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 201.291693][ T34] usb 7-1: config 0 descriptor?? [ 201.461897][ T34] viperboard 7-1:0.143: version 0.00 found at bus 007 address 010 [ 201.818238][ T34] viperboard-i2c viperboard-i2c.3.auto: error -EIO: failure setting i2c_bus_freq to 100 [ 201.834943][ T34] viperboard-i2c viperboard-i2c.3.auto: probe with driver viperboard-i2c failed with error -5 [ 202.956598][T10052] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1134'. [ 203.047953][ T54] usb 7-1: USB disconnect, device number 10 [ 203.153046][T10056] bochs-drm 0000:00:01.0: vgaarb: VGA decodes changed: olddecodes=none,decodes=none:owns=io+mem [ 203.190982][T10057] netlink: 76 bytes leftover after parsing attributes in process `syz.2.1135'. [ 203.202735][T10056] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1136'. [ 203.235956][T10068] autofs: Unknown parameter 'fڱ(ύV3w?jǨܒH/{Fvsz}ꢹZhN3tO&FJ?nåX:Ⱥ+dױd' [ 203.416320][T10074] tipc: Started in network mode [ 203.418027][T10074] tipc: Node identity 464dc135ab6b, cluster identity 4711 [ 203.439675][T10074] tipc: Enabled bearer , priority 0 [ 203.710984][ T40] audit: type=1800 audit(1748778608.923:13288): pid=10075 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.1139" name="file0" dev="overlay" ino=1511 res=0 errno=0 [ 204.368845][ T34] tipc: Disabling bearer [ 204.540440][T10111] xt_bpf: check failed: parse error [ 205.598675][T10129] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1153'. [ 205.969457][T10138] xt_bpf: check failed: parse error [ 206.270045][T10145] syz.3.1154: vmalloc error: size 2003292160, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 206.274951][T10145] CPU: 1 UID: 0 PID: 10145 Comm: syz.3.1154 Not tainted 6.15.0-syzkaller-10402-g4cb6c8af8591 #0 PREEMPT(full) [ 206.274979][T10145] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 206.274987][T10145] Call Trace: [ 206.274992][T10145] [ 206.274997][T10145] dump_stack_lvl+0x16c/0x1f0 [ 206.275015][T10145] warn_alloc+0x248/0x3a0 [ 206.275031][T10145] ? __pfx_warn_alloc+0x10/0x10 [ 206.275046][T10145] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 206.275060][T10145] ? stack_depot_save_flags+0x3e0/0xa40 [ 206.275081][T10145] ? kasan_save_stack+0x42/0x60 [ 206.275094][T10145] ? kasan_save_stack+0x33/0x60 [ 206.275106][T10145] ? kasan_save_track+0x14/0x30 [ 206.275118][T10145] ? vb2_vmalloc_alloc+0xf9/0x3f0 [ 206.275135][T10145] ? __vb2_queue_alloc+0x8c9/0x1280 [ 206.275151][T10145] ? vb2_core_create_bufs+0x559/0xab0 [ 206.275167][T10145] ? vb2_vmalloc_alloc+0x135/0x3f0 [ 206.275184][T10145] __vmalloc_node_range_noprof+0x10ce/0x1520 [ 206.275196][T10145] ? entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 206.275215][T10145] ? vb2_vmalloc_alloc+0x135/0x3f0 [ 206.275234][T10145] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 206.275250][T10145] ? vb2_vmalloc_alloc+0x135/0x3f0 [ 206.275267][T10145] vmalloc_user_noprof+0x9e/0xe0 [ 206.275278][T10145] ? vb2_vmalloc_alloc+0x135/0x3f0 [ 206.275295][T10145] vb2_vmalloc_alloc+0x135/0x3f0 [ 206.275312][T10145] ? __pfx_vb2_vmalloc_alloc+0x10/0x10 [ 206.275329][T10145] __vb2_queue_alloc+0x8c9/0x1280 [ 206.275353][T10145] vb2_core_create_bufs+0x559/0xab0 [ 206.275372][T10145] ? __pfx_vb2_core_create_bufs+0x10/0x10 [ 206.275402][T10145] vb2_create_bufs+0x5e8/0x840 [ 206.275420][T10145] ? __pfx_vb2_create_bufs+0x10/0x10 [ 206.275436][T10145] ? v4l_sanitize_colorspace+0x213/0x400 [ 206.275455][T10145] vb2_ioctl_create_bufs+0x244/0x3e0 [ 206.275472][T10145] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 206.275489][T10145] vidioc_create_bufs+0x7d/0xf0 [ 206.275506][T10145] v4l_create_bufs+0x156/0x270 [ 206.275519][T10145] __video_do_ioctl+0xb40/0xfc0 [ 206.275535][T10145] ? __pfx___video_do_ioctl+0x10/0x10 [ 206.275548][T10145] ? __kmalloc_noprof+0x242/0x510 [ 206.275561][T10145] ? __pfx___schedule+0x10/0x10 [ 206.275574][T10145] video_usercopy+0x47c/0x1440 [ 206.275588][T10145] ? __pfx___video_do_ioctl+0x10/0x10 [ 206.275601][T10145] ? __pfx_video_usercopy+0x10/0x10 [ 206.275614][T10145] ? rcu_is_watching+0x12/0xc0 [ 206.275634][T10145] ? __pfx_video_ioctl2+0x10/0x10 [ 206.275650][T10145] v4l2_ioctl+0x1bd/0x250 [ 206.275661][T10145] ? __ia32_compat_sys_openat+0x161/0x210 [ 206.275679][T10145] v4l2_compat_ioctl32+0x214/0x2c0 [ 206.275690][T10145] ? __pfx_v4l2_compat_ioctl32+0x10/0x10 [ 206.275702][T10145] __ia32_compat_sys_ioctl+0x23f/0x370 [ 206.275721][T10145] __do_fast_syscall_32+0x7c/0x3a0 [ 206.275735][T10145] do_fast_syscall_32+0x32/0x80 [ 206.275748][T10145] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 206.275762][T10145] RIP: 0023:0xf7fa5579 [ 206.275771][T10145] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 206.275781][T10145] RSP: 002b:00000000f508455c EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 206.275792][T10145] RAX: ffffffffffffffda RBX: 000000000000000b RCX: 00000000c0f8565c [ 206.275799][T10145] RDX: 00000000800001c0 RSI: 0000000000000000 RDI: 0000000000000000 [ 206.275806][T10145] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 206.275812][T10145] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000 [ 206.275818][T10145] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 206.275832][T10145] [ 206.275865][T10145] Mem-Info: [ 206.401588][T10145] active_anon:15066 inactive_anon:17 isolated_anon:0 [ 206.401588][T10145] active_file:14210 inactive_file:37234 isolated_file:0 [ 206.401588][T10145] unevictable:1768 dirty:98 writeback:0 [ 206.401588][T10145] slab_reclaimable:5658 slab_unreclaimable:68412 [ 206.401588][T10145] mapped:27129 shmem:10848 pagetables:1047 [ 206.401588][T10145] sec_pagetables:309 bounce:0 [ 206.401588][T10145] kernel_misc_reclaimable:0 [ 206.401588][T10145] free:31812 free_pcp:5685 free_cma:0 [ 206.418918][T10145] Node 0 active_anon:2540kB inactive_anon:60kB active_file:64kB inactive_file:144kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:3108kB dirty:0kB writeback:0kB shmem:6636kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:8416kB pagetables:1368kB sec_pagetables:1144kB all_unreclaimable? no Balloon:0kB [ 206.429237][T10145] Node 1 active_anon:57624kB inactive_anon:8kB active_file:56776kB inactive_file:148792kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:105408kB dirty:392kB writeback:0kB shmem:36756kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:4532kB pagetables:2820kB sec_pagetables:92kB all_unreclaimable? no Balloon:0kB [ 206.439275][T10145] Node 0 DMA free:2068kB boost:0kB min:760kB low:948kB high:1136kB reserved_highatomic:0KB active_anon:4kB inactive_anon:20kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:472kB local_pcp:104kB free_cma:0kB [ 206.447630][T10145] lowmem_reserve[]: 0 289 289 289 289 [ 206.449282][T10145] Node 0 DMA32 free:15712kB boost:0kB min:13332kB low:16664kB high:19996kB reserved_highatomic:2048KB active_anon:2536kB inactive_anon:40kB active_file:64kB inactive_file:144kB unevictable:3536kB writepending:0kB present:1032196kB managed:296944kB mlocked:0kB bounce:0kB free_pcp:4152kB local_pcp:2048kB free_cma:0kB [ 206.458166][T10145] lowmem_reserve[]: 0 0 0 0 0 [ 206.459738][T10145] Node 1 DMA32 free:112056kB boost:0kB min:47144kB low:58928kB high:70712kB reserved_highatomic:0KB active_anon:57624kB inactive_anon:8kB active_file:56776kB inactive_file:148792kB unevictable:3536kB writepending:392kB present:1048432kB managed:948276kB mlocked:0kB bounce:0kB free_pcp:16628kB local_pcp:6356kB free_cma:0kB [ 206.468903][T10145] lowmem_reserve[]: 0 0 0 0 0 [ 206.470470][T10145] Node 0 DMA: 7*4kB (UM) 41*8kB (UM) 15*16kB (UM) 6*32kB (UM) 0*64kB 0*128kB 1*256kB (M) 0*512kB 1*1024kB (M) 0*2048kB 0*4096kB = 2068kB [ 206.474712][T10145] Node 0 DMA32: 208*4kB (U) 74*8kB (UMEH) 19*16kB (UEH) 79*32kB (UEH) 37*64kB (UMEH) 11*128kB (UME) 12*256kB (UME) 7*512kB (UM) 1*1024kB (U) 0*2048kB 0*4096kB = 15712kB [ 206.479863][T10145] Node 1 DMA32: 143*4kB (U) 186*8kB (UE) 140*16kB (UME) 151*32kB (UME) 138*64kB (UME) 78*128kB (UME) 55*256kB (UME) 26*512kB (UME) 23*1024kB (UME) 6*2048kB (UM) 5*4096kB (M) = 111660kB [ 206.485353][T10145] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 206.488308][T10145] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 206.491082][T10145] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 206.493897][T10145] Node 1 hugepages_total=4 hugepages_free=1 hugepages_surp=0 hugepages_size=2048kB [ 206.496904][T10145] 62811 total pagecache pages [ 206.498402][T10145] 373 pages in swap cache [ 206.499678][T10145] Free swap = 120304kB [ 206.500905][T10145] Total swap = 124996kB [ 206.502183][T10145] 524155 pages RAM [ 206.503327][T10145] 0 pages HighMem/MovableOnly [ 206.504769][T10145] 209010 pages reserved [ 206.506036][T10145] 0 pages cma reserved [ 207.076905][T10158] "syz.4.1160" (10158) uses obsolete ecb(arc4) skcipher [ 207.232777][T10171] overlayfs: failed to resolve './file1': -2 [ 207.479286][T10180] tmpfs: Bad value for 'mpol' [ 207.557486][ T40] audit: type=1326 audit(1748778613.112:13289): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10183 comm="syz.4.1168" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc3579 code=0x7ffc0000 [ 207.569544][ T40] audit: type=1326 audit(1748778613.123:13290): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10183 comm="syz.4.1168" exe="/syz-executor" sig=0 arch=40000003 syscall=321 compat=1 ip=0xf7fc3579 code=0x7ffc0000 [ 207.579281][ T40] audit: type=1326 audit(1748778613.123:13291): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10183 comm="syz.4.1168" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc3579 code=0x7ffc0000 [ 207.589078][ T40] audit: type=1326 audit(1748778613.123:13292): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10183 comm="syz.4.1168" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc3579 code=0x7ffc0000 [ 207.599436][ T40] audit: type=1326 audit(1748778613.123:13293): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10183 comm="syz.4.1168" exe="/syz-executor" sig=0 arch=40000003 syscall=224 compat=1 ip=0xf7fc3579 code=0x7ffc0000 [ 207.609173][ T40] audit: type=1326 audit(1748778613.123:13294): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10183 comm="syz.4.1168" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc3579 code=0x7ffc0000 [ 207.619662][ T40] audit: type=1326 audit(1748778613.123:13295): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10183 comm="syz.4.1168" exe="/syz-executor" sig=0 arch=40000003 syscall=259 compat=1 ip=0xf7fc3579 code=0x7ffc0000 [ 207.628982][ T40] audit: type=1326 audit(1748778613.123:13296): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10183 comm="syz.4.1168" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc3579 code=0x7ffc0000 [ 207.636843][ T40] audit: type=1326 audit(1748778613.123:13297): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10183 comm="syz.4.1168" exe="/syz-executor" sig=0 arch=40000003 syscall=260 compat=1 ip=0xf7fc3579 code=0x7ffc0000 [ 208.401691][T10194] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1172'. [ 209.972210][T10224] vlan0: entered promiscuous mode [ 209.975072][T10224] vlan0: entered allmulticast mode [ 209.977431][T10224] hsr_slave_1: entered allmulticast mode [ 210.000661][T10224] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1180'. [ 210.594207][T10235] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1183'. [ 210.704771][T10238] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1182'. [ 210.796542][T10240] overlayfs: failed to resolve './file1': -2 [ 211.189641][T10247] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1187'. [ 211.522852][T10261] bochs-drm 0000:00:01.0: vgaarb: VGA decodes changed: olddecodes=none,decodes=none:owns=io+mem [ 211.574378][T10261] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1192'. [ 212.579981][T10290] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1199'. [ 212.680270][T10294] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1201'. [ 212.816133][T10298] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1203'. [ 213.223183][T10310] can0: slcan on pty28. [ 213.464740][ T9074] usb 9-1: new high-speed USB device number 2 using dummy_hcd [ 213.605905][ T9074] usb 9-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 213.609612][ T9074] usb 9-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 213.614656][ T9074] usb 9-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 213.618729][ T9074] usb 9-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 55, changing to 9 [ 213.624168][ T9074] usb 9-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8496, setting to 1024 [ 213.630541][ T9074] usb 9-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 213.634979][ T9074] usb 9-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 213.638232][ T9074] usb 9-1: Product: syz [ 213.639984][ T9074] usb 9-1: Manufacturer: syz [ 213.652176][ T9074] cdc_wdm 9-1:1.0: skipping garbage [ 213.654407][ T9074] cdc_wdm 9-1:1.0: skipping garbage [ 213.661764][ T9074] cdc_wdm 9-1:1.0: cdc-wdm0: USB WDM device [ 213.664411][ T9074] cdc_wdm 9-1:1.0: Unknown control protocol [ 213.676015][T10322] bochs-drm 0000:00:01.0: vgaarb: VGA decodes changed: olddecodes=none,decodes=none:owns=io+mem [ 213.829035][T10330] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1210'. [ 213.847435][ C2] cdc_wdm 9-1:1.0: nonzero urb status received: -71 [ 213.850300][ C2] cdc_wdm 9-1:1.0: wdm_int_callback - 0 bytes [ 213.852774][ C2] cdc_wdm 9-1:1.0: nonzero urb status received: -71 [ 213.854907][ C2] cdc_wdm 9-1:1.0: wdm_int_callback - 0 bytes [ 213.857235][ C2] cdc_wdm 9-1:1.0: nonzero urb status received: -71 [ 213.859596][ C2] cdc_wdm 9-1:1.0: wdm_int_callback - 0 bytes [ 213.862332][ C2] cdc_wdm 9-1:1.0: nonzero urb status received: -71 [ 213.864829][ C2] cdc_wdm 9-1:1.0: wdm_int_callback - 0 bytes [ 213.867203][ C2] cdc_wdm 9-1:1.0: nonzero urb status received: -71 [ 213.869500][ C2] cdc_wdm 9-1:1.0: wdm_int_callback - 0 bytes [ 213.871819][ C2] cdc_wdm 9-1:1.0: nonzero urb status received: -71 [ 213.874307][ C2] cdc_wdm 9-1:1.0: wdm_int_callback - 0 bytes [ 213.876591][ C2] cdc_wdm 9-1:1.0: nonzero urb status received: -71 [ 213.878925][ C2] cdc_wdm 9-1:1.0: wdm_int_callback - 0 bytes [ 213.881490][ C2] cdc_wdm 9-1:1.0: nonzero urb status received: -71 [ 213.884010][ C2] cdc_wdm 9-1:1.0: wdm_int_callback - 0 bytes [ 213.886482][ C2] cdc_wdm 9-1:1.0: nonzero urb status received: -71 [ 213.888598][ C2] cdc_wdm 9-1:1.0: wdm_int_callback - 0 bytes [ 213.890884][ C2] cdc_wdm 9-1:1.0: nonzero urb status received: -71 [ 213.893333][ C2] cdc_wdm 9-1:1.0: wdm_int_callback - 0 bytes [ 213.899150][ T24] usb 9-1: USB disconnect, device number 2 [ 213.901052][ C2] cdc_wdm 9-1:1.0: wdm_int_callback - usb_submit_urb failed with result -19 [ 214.101726][T10334] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1212'. [ 214.106052][T10334] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1212'. [ 214.223409][T10309] can0 (unregistered): slcan off pty28. [ 214.810969][T10357] 9pnet_virtio: no channels available for device ./file0/file0 [ 214.896072][T10365] bochs-drm 0000:00:01.0: vgaarb: VGA decodes changed: olddecodes=none,decodes=none:owns=io+mem [ 214.978204][T10372] CIFS: No dialect specified on mount. Default has changed to a more secure dialect, SMB2.1 or later (e.g. SMB3.1.1), from CIFS (SMB1). To use the less secure SMB1 dialect to access old servers which do not support SMB3.1.1 (or even SMB3 or SMB2.1) specify vers=1.0 on mount. [ 214.986918][T10372] CIFS mount error: No usable UNC path provided in device string! [ 214.986918][T10372] [ 214.990293][T10372] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string! [ 215.098511][T10378] netlink: 'syz.2.1224': attribute type 32 has an invalid length. [ 215.108596][T10378] (unnamed net_device) (uninitialized): Setting coupled_control to off (0) [ 215.395612][T10396] bochs-drm 0000:00:01.0: vgaarb: VGA decodes changed: olddecodes=none,decodes=none:owns=io+mem [ 215.395706][T10394] __nla_validate_parse: 8 callbacks suppressed [ 215.395716][T10394] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1229'. [ 215.597909][T10407] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1232'. [ 215.601940][T10407] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1232'. [ 215.607662][T10407] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1232'. [ 215.611154][T10411] 8021q: adding VLAN 0 to HW filter on device bond3 [ 215.613405][T10407] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1232'. [ 215.614428][T10407] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1232'. [ 215.619437][T10411] bond3: entered promiscuous mode [ 215.620131][T10407] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1232'. [ 215.622027][T10411] bond0: (slave bond3): Enslaving as an active interface with an up link [ 215.626055][T10407] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1232'. [ 215.633608][T10411] xt_ecn: cannot match TCP bits for non-tcp packets [ 215.633628][T10407] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1232'. [ 215.639426][T10407] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1232'. [ 216.009773][T10422] overlayfs: failed to resolve './file0': -2 [ 216.355099][T10430] bochs-drm 0000:00:01.0: vgaarb: VGA decodes changed: olddecodes=none,decodes=none:owns=io+mem [ 217.418655][ T9074] libceph: connect (1)[c::]:6789 error -101 [ 217.425188][ T9074] libceph: mon0 (1)[c::]:6789 connect error [ 217.680736][ T9074] libceph: connect (1)[c::]:6789 error -101 [ 217.688601][ T9074] libceph: mon0 (1)[c::]:6789 connect error [ 218.170533][T10454] ceph: No mds server is up or the cluster is laggy [ 218.195264][ T34] libceph: connect (1)[c::]:6789 error -101 [ 218.198219][ T34] libceph: mon0 (1)[c::]:6789 connect error [ 218.404309][ T9074] usb 8-1: new high-speed USB device number 12 using dummy_hcd [ 218.484205][T10461] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 218.488833][T10461] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 220.506001][T10479] bond0: (slave bond3): Releasing backup interface [ 220.526509][T10479] bond3: left promiscuous mode [ 220.572302][T10482] lo speed is unknown, defaulting to 1000 [ 220.588925][T10482] lo speed is unknown, defaulting to 1000 [ 220.721845][T10489] veth1_to_team: entered promiscuous mode [ 220.727236][T10485] veth0: entered promiscuous mode [ 220.894575][T10491] block device autoloading is deprecated and will be removed. [ 220.897405][T10491] bio_check_eod: 2 callbacks suppressed [ 220.897415][T10491] syz.3.1253: attempt to access beyond end of device [ 220.897415][T10491] md2: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 221.005993][T10491] IPVS: length: 1986356271 != 201483275040 [ 221.535232][T10483] veth0: left promiscuous mode [ 221.536869][T10483] veth1_to_team: left promiscuous mode [ 221.848405][ T40] kauditd_printk_skb: 265 callbacks suppressed [ 221.848420][ T40] audit: type=1326 audit(1748778628.103:13563): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10505 comm="syz.2.1257" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf7f63579 code=0x0 [ 221.924016][T10510] geneve2: entered promiscuous mode [ 221.925800][T10510] geneve2: entered allmulticast mode [ 222.835304][T10528] __nla_validate_parse: 43 callbacks suppressed [ 222.835317][T10528] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1261'. [ 222.847322][T10529] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1259'. [ 222.984945][T10533] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1262'. [ 222.988740][T10533] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1262'. [ 223.072940][T10532] snd_dummy snd_dummy.0: control 0:0:0:syz0:0 is already present [ 223.913504][T10549] xt_NFQUEUE: number of total queues is 0 [ 224.864295][T10560] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1268'. [ 225.062381][T10553] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1267'. [ 225.065310][T10553] netlink: 'syz.1.1267': attribute type 5 has an invalid length. [ 225.158194][T10553] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1267'. [ 225.207298][T10553] netdevsim netdevsim1 netdevsim0: set [1, 1] type 2 family 0 port 256 - 0 [ 225.210063][T10553] netdevsim netdevsim1 netdevsim1: set [1, 1] type 2 family 0 port 256 - 0 [ 225.213433][T10553] netdevsim netdevsim1 netdevsim2: set [1, 1] type 2 family 0 port 256 - 0 [ 225.226163][T10553] netdevsim netdevsim1 netdevsim3: set [1, 1] type 2 family 0 port 256 - 0 [ 225.240725][T10553] geneve2: entered promiscuous mode [ 225.249430][T10553] geneve2: entered allmulticast mode [ 225.282375][T10573] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1271'. [ 225.515636][T10576] program syz.3.1273 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 225.994165][T10595] bochs-drm 0000:00:01.0: vgaarb: VGA decodes changed: olddecodes=none,decodes=none:owns=io+mem [ 226.871467][T10611] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1283'. [ 226.895635][T10613] netlink: 'syz.4.1284': attribute type 2 has an invalid length. [ 226.901260][T10613] netlink: 723 bytes leftover after parsing attributes in process `syz.4.1284'. [ 227.023154][T10617] trusted_key: encrypted_key: insufficient parameters specified [ 227.235089][ T9] usb 8-1: new high-speed USB device number 13 using dummy_hcd [ 227.387384][ T9] usb 8-1: Using ep0 maxpacket: 8 [ 227.393149][ T9] usb 8-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2e.04 [ 227.396811][ T9] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 227.399687][ T9] usb 8-1: Product: syz [ 227.401070][ T9] usb 8-1: Manufacturer: syz [ 227.402610][ T9] usb 8-1: SerialNumber: syz [ 227.418498][ T9] usb 8-1: config 0 descriptor?? [ 227.616607][T10640] lo speed is unknown, defaulting to 1000 [ 227.618657][T10603] overlayfs: failed to resolve './file1': -2 [ 227.620570][T10640] lo speed is unknown, defaulting to 1000 [ 227.622024][ T9] usb 8-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 227.636984][ T9] dvb_usb_rtl28xxu 8-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71 [ 227.663652][ T9] usb 8-1: USB disconnect, device number 13 [ 228.170773][T10649] __nla_validate_parse: 1 callbacks suppressed [ 228.170819][T10649] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1294'. [ 228.237968][T10653] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1295'. [ 228.241847][T10653] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1295'. [ 229.324055][T10655] 9pnet_fd: Insufficient options for proto=fd [ 229.327433][T10655] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1297'. [ 229.997411][ T9] libceph: connect (1)[c::]:6789 error -101 [ 229.999998][ T9] libceph: mon0 (1)[c::]:6789 connect error [ 230.200566][T10678] ceph: No mds server is up or the cluster is laggy [ 230.351881][ T9] libceph: connect (1)[c::]:6789 error -101 [ 230.380199][ T9] libceph: mon0 (1)[c::]:6789 connect error [ 230.618091][T10698] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1307'. [ 230.713746][T10709] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1310'. [ 230.823160][T10715] overlayfs: failed to clone upperpath [ 231.068471][T10722] overlayfs: missing 'lowerdir' [ 231.767016][T10735] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1320'. [ 233.087831][T10776] overlayfs: missing 'lowerdir' [ 233.541455][ T9] usb 9-1: new high-speed USB device number 3 using dummy_hcd [ 233.695903][ T9] usb 9-1: config index 0 descriptor too short (expected 45, got 36) [ 233.698953][ T9] usb 9-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 233.702524][ T9] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 233.709625][ T9] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 233.717129][ T9] usb 9-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 233.721869][ T9] usb 9-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 233.724872][ T9] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 233.730491][ T9] usb 9-1: config 0 descriptor?? [ 234.121291][ T9] plantronics 0003:047F:FFFF.0003: reserved main item tag 0xd [ 234.125402][ T9] plantronics 0003:047F:FFFF.0003: No inputs registered, leaving [ 234.132450][ T9] plantronics 0003:047F:FFFF.0003: hiddev0,hidraw1: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.4-1/input0 [ 234.364926][T10785] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 234.369362][T10785] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 234.383705][ T2136] usb 9-1: USB disconnect, device number 3 [ 234.668461][T10824] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1348'. [ 234.895413][T10828] overlayfs: missing 'lowerdir' [ 234.940139][T10830] bridge0: entered allmulticast mode [ 234.946852][T10830] pim6reg: entered allmulticast mode [ 234.950593][T10830] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1351'. [ 234.953663][T10830] bridge_slave_1: left allmulticast mode [ 234.956359][T10830] bridge_slave_1: left promiscuous mode [ 234.958805][T10830] bridge0: port 2(bridge_slave_1) entered disabled state [ 234.994128][T10830] bridge_slave_0: left allmulticast mode [ 234.996011][T10830] bridge_slave_0: left promiscuous mode [ 235.000156][T10830] bridge0: port 1(bridge_slave_0) entered disabled state [ 235.067163][T10830] bridge0 (unregistering): left allmulticast mode [ 235.527860][T10841] 9pnet: Unknown protocol version 9_2000 [ 235.885913][T10844] Bluetooth: hci1: Frame reassembly failed (-84) [ 235.892582][T10845] Bluetooth: hci1: Frame reassembly failed (-84) [ 235.967959][T10850] lo speed is unknown, defaulting to 1000 [ 235.971364][T10850] lo speed is unknown, defaulting to 1000 [ 236.040657][T10851] bridge0: port 2(bridge_slave_1) entered disabled state [ 236.043220][T10851] bridge0: port 1(bridge_slave_0) entered disabled state [ 236.170929][T10851] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 236.180295][T10851] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 236.229289][T10851] netdevsim netdevsim2 eth0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 236.232752][T10851] netdevsim netdevsim2 eth1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 236.236760][T10851] netdevsim netdevsim2 eth2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 236.239523][T10851] netdevsim netdevsim2 eth3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 236.267275][ T34] lo speed is unknown, defaulting to 1000 [ 236.269093][ T34] sz1: Port: 1 Link DOWN [ 236.283077][ T34] lo speed is unknown, defaulting to 1000 [ 236.533740][T10865] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1359'. [ 237.162415][T10873] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1361'. [ 237.222509][T10879] overlayfs: missing 'lowerdir' [ 237.808691][ T5955] Bluetooth: hci1: Entering manufacturer mode failed (-110) [ 237.883629][T10887] bochs-drm 0000:00:01.0: vgaarb: VGA decodes changed: olddecodes=none,decodes=none:owns=io+mem [ 238.351264][T10901] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1368'. [ 238.576541][ T2136] libceph: connect (1)[c::]:6789 error -101 [ 238.579085][ T2136] libceph: mon0 (1)[c::]:6789 connect error [ 238.614115][T10889] ceph: No mds server is up or the cluster is laggy [ 238.891160][T10915] "syz.1.1372" (10915) uses obsolete ecb(arc4) skcipher [ 239.179529][T10926] netlink: 'syz.4.1375': attribute type 2 has an invalid length. [ 239.182554][T10926] netlink: 199836 bytes leftover after parsing attributes in process `syz.4.1375'. [ 239.185657][T10926] nbd: must specify a device to reconfigure [ 239.399113][ T8311] usb 7-1: new high-speed USB device number 11 using dummy_hcd [ 239.625041][ T8311] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 239.628754][ T8311] usb 7-1: config 0 has no interfaces? [ 239.630476][ T8311] usb 7-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 239.633257][ T8311] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 239.645902][ T8311] usb 7-1: config 0 descriptor?? [ 239.893346][T10944] bochs-drm 0000:00:01.0: vgaarb: VGA decodes changed: olddecodes=none,decodes=none:owns=io+mem [ 239.924226][ T8311] usb 7-1: USB disconnect, device number 11 [ 239.945768][T10944] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1380'. [ 240.067812][T10956] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(10) [ 240.070481][T10956] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 240.074604][T10956] vhci_hcd vhci_hcd.0: Device attached [ 240.123681][ T34] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 240.131570][ T34] hid-generic 0000:0000:0000.0004: hidraw1: HID v0.00 Device [syz1] on syz0 [ 240.187971][T10965] fido_id[10965]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 240.323407][ T29] usb 43-1: new high-speed USB device number 2 using vhci_hcd [ 241.097425][T10962] vhci_hcd: connection reset by peer [ 241.099411][ T61] vhci_hcd: stop threads [ 241.105026][ T61] vhci_hcd: release socket [ 241.110718][ T61] vhci_hcd: disconnect device [ 241.747824][ T2136] libceph: connect (1)[c::]:6789 error -101 [ 241.750390][ T2136] libceph: mon0 (1)[c::]:6789 connect error [ 241.793569][T10992] ceph: No mds server is up or the cluster is laggy [ 242.118852][T11013] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1395'. [ 242.177979][T11017] bochs-drm 0000:00:01.0: vgaarb: VGA decodes changed: olddecodes=none,decodes=none:owns=io+mem [ 242.633623][T11033] netlink: 'syz.2.1401': attribute type 4 has an invalid length. [ 242.646934][T11033] netlink: 152 bytes leftover after parsing attributes in process `syz.2.1401'. [ 242.660723][T11033] : renamed from bond0 [ 242.696929][ T40] audit: type=1326 audit(1748778650.002:13564): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11036 comm="syz.4.1402" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf7fc3579 code=0x0 [ 242.703638][T11033] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=2142054965 (4284109930 ns) > initial count (2850433972 ns). Using initial count to start timer. [ 243.634015][T11059] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1408'. [ 244.893021][T11096] netlink: 'syz.3.1418': attribute type 1 has an invalid length. [ 245.190407][ T29] vhci_hcd: vhci_device speed not set [ 246.193281][ T1419] ieee802154 phy0 wpan0: encryption failed: -22 [ 246.195428][ T1419] ieee802154 phy1 wpan1: encryption failed: -22 [ 246.215645][T11130] pim6reg9: entered allmulticast mode [ 246.302312][T11136] hfs: unable to load iocharset "io#harset" [ 246.606691][T11151] netlink: 'syz.3.1432': attribute type 10 has an invalid length. [ 246.609261][T11151] netlink: 40 bytes leftover after parsing attributes in process `syz.3.1432'. [ 246.631798][T11151] team0: Port device geneve0 added [ 247.154017][T11166] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1436'. [ 247.172650][T11166] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1436'. [ 247.436058][ T40] audit: type=1326 audit(1748778654.968:13565): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11167 comm="syz.2.1439" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7f63579 code=0x0 [ 247.537721][T11173] binder_alloc: 11171: binder_alloc_buf size 12376 failed, no address space [ 247.541158][T11173] binder_alloc: allocated: 8 (num: 1 largest: 8), free: 12280 (num: 1 largest: 12280) [ 247.554355][T11173] 9pnet_virtio: no channels available for device syz [ 247.908665][T11185] netlink: 64 bytes leftover after parsing attributes in process `syz.1.1443'. [ 248.819314][T11204] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1450'. [ 249.297013][T11222] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1456'. [ 249.534681][T11229] bochs-drm 0000:00:01.0: vgaarb: VGA decodes changed: olddecodes=none,decodes=none:owns=io+mem [ 249.596858][T11229] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1458'. [ 249.701955][T11236] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1460'. [ 249.765922][T11238] netlink: 40 bytes leftover after parsing attributes in process `syz.4.1461'. [ 249.842373][T11246] netlink: 256 bytes leftover after parsing attributes in process `syz.4.1464'. [ 250.450858][T11263] bochs-drm 0000:00:01.0: vgaarb: VGA decodes changed: olddecodes=none,decodes=none:owns=io+mem [ 250.932024][T11277] overlayfs: failed to clone upperpath [ 251.571817][T11286] overlayfs: missing 'lowerdir' [ 252.828634][T11313] overlayfs: upper fs does not support RENAME_WHITEOUT. [ 252.837463][T11313] overlayfs: failed to set xattr on upper [ 252.840149][T11313] overlayfs: ...falling back to redirect_dir=nofollow. [ 252.843486][T11313] overlayfs: ...falling back to uuid=null. [ 252.852661][T11315] __nla_validate_parse: 1 callbacks suppressed [ 252.852679][T11315] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1482'. [ 252.931771][ C1] Unknown status report in ack skb [ 254.132011][ T40] audit: type=1326 audit(1748778662.001:13566): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11335 comm="syz.3.1489" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fa5579 code=0x7ffc0000 [ 254.140509][T11336] netlink: 'syz.3.1489': attribute type 1 has an invalid length. [ 254.145689][ T40] audit: type=1326 audit(1748778662.001:13567): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11335 comm="syz.3.1489" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fa5579 code=0x7ffc0000 [ 254.153220][ T40] audit: type=1326 audit(1748778662.001:13568): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11335 comm="syz.3.1489" exe="/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf7fa5579 code=0x7ffc0000 [ 254.160146][ T40] audit: type=1326 audit(1748778662.001:13569): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11335 comm="syz.3.1489" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fa5579 code=0x7ffc0000 [ 254.167059][ T40] audit: type=1326 audit(1748778662.001:13570): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11335 comm="syz.3.1489" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fa5579 code=0x7ffc0000 [ 254.174149][ T40] audit: type=1326 audit(1748778662.001:13571): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11335 comm="syz.3.1489" exe="/syz-executor" sig=0 arch=40000003 syscall=259 compat=1 ip=0xf7fa5579 code=0x7ffc0000 [ 254.180859][ T40] audit: type=1326 audit(1748778662.001:13572): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11335 comm="syz.3.1489" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fa5579 code=0x7ffc0000 [ 254.187757][ T40] audit: type=1326 audit(1748778662.001:13573): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11335 comm="syz.3.1489" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fa5579 code=0x7ffc0000 [ 254.195300][ T40] audit: type=1326 audit(1748778662.001:13574): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11335 comm="syz.3.1489" exe="/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf7fa5579 code=0x7ffc0000 [ 254.202101][ T40] audit: type=1326 audit(1748778662.001:13575): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11335 comm="syz.3.1489" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fa5579 code=0x7ffc0000 [ 254.381286][T11347] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1491'. [ 255.243351][T11362] program syz.3.1495 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 255.270903][T11366] overlayfs: missing 'workdir' [ 256.311429][T11380] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1500'. [ 256.400947][T11381] loop6: detected capacity change from 0 to 524287999 [ 256.476437][T11382] CIFS: Unable to determine destination address [ 256.715685][T11387] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1502'. [ 257.300260][T11408] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1508'. [ 257.519244][T11412] overlayfs: missing 'workdir' [ 257.847456][T11421] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1513'. [ 257.950077][T11424] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1514'. [ 258.466676][T11433] bochs-drm 0000:00:01.0: vgaarb: VGA decodes changed: olddecodes=none,decodes=none:owns=io+mem [ 258.759883][T11444] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 258.967441][T11452] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1522'. [ 258.981054][T11453] program syz.2.1523 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 259.059985][T11449] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1518'. [ 259.446807][T11463] overlayfs: missing 'workdir' [ 259.788618][T11474] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1528'. [ 260.392245][T11493] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1532'. [ 261.246121][T11507] netfs: Couldn't get user pages (rc=-14) [ 261.284412][T11510] program syz.2.1538 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 262.708794][T11533] tmpfs: Bad value for 'mpol' [ 263.499625][T11546] program syz.2.1548 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 263.781572][T11550] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1549'. [ 264.243891][T11562] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1554'. [ 264.408272][T11569] input: syz1 as /devices/virtual/input/input19 [ 264.499377][T11572] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(11) [ 264.501441][T11572] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 264.503883][T11572] vhci_hcd vhci_hcd.0: Device attached [ 264.521819][T11570] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1555'. [ 264.756503][ T55] usb 45-1: new high-speed USB device number 2 using vhci_hcd [ 265.118709][T11573] vhci_hcd: connection reset by peer [ 265.138675][ T46] vhci_hcd: stop threads [ 265.140072][ T46] vhci_hcd: release socket [ 265.146942][ T46] vhci_hcd: disconnect device [ 266.199788][ T24] kernel write not supported for file /dsp1 (pid: 24 comm: kworker/2:0) [ 266.301587][ T40] kauditd_printk_skb: 51 callbacks suppressed [ 266.301599][ T40] audit: type=1326 audit(1748778674.777:13627): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11599 comm="syz.3.1565" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fa5579 code=0x7ffc0000 [ 266.319135][ T40] audit: type=1326 audit(1748778674.777:13628): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11599 comm="syz.3.1565" exe="/syz-executor" sig=0 arch=40000003 syscall=30 compat=1 ip=0xf7fa5579 code=0x7ffc0000 [ 266.326069][ T40] audit: type=1326 audit(1748778674.777:13629): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11599 comm="syz.3.1565" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fa5579 code=0x7ffc0000 [ 266.333614][ T40] audit: type=1326 audit(1748778674.777:13630): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11599 comm="syz.3.1565" exe="/syz-executor" sig=0 arch=40000003 syscall=321 compat=1 ip=0xf7fa5579 code=0x7ffc0000 [ 266.341715][ T40] audit: type=1326 audit(1748778674.777:13631): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11599 comm="syz.3.1565" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fa5579 code=0x7ffc0000 [ 266.350224][ T40] audit: type=1326 audit(1748778674.777:13632): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11599 comm="syz.3.1565" exe="/syz-executor" sig=0 arch=40000003 syscall=224 compat=1 ip=0xf7fa5579 code=0x7ffc0000 [ 266.359223][ T40] audit: type=1326 audit(1748778674.777:13633): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11599 comm="syz.3.1565" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fa5579 code=0x7ffc0000 [ 266.370682][ T40] audit: type=1326 audit(1748778674.777:13634): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11599 comm="syz.3.1565" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fa5579 code=0x7ffc0000 [ 266.379649][ T40] audit: type=1326 audit(1748778674.777:13635): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11599 comm="syz.3.1565" exe="/syz-executor" sig=0 arch=40000003 syscall=361 compat=1 ip=0xf7fa5579 code=0x7ffc0000 [ 266.388815][ T40] audit: type=1326 audit(1748778674.777:13636): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11599 comm="syz.3.1565" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fa5579 code=0x7ffc0000 [ 266.432837][ T1018] usb 9-1: new high-speed USB device number 4 using dummy_hcd [ 266.586439][ T1018] usb 9-1: config index 0 descriptor too short (expected 45, got 36) [ 266.589215][ T1018] usb 9-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 266.592771][ T1018] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 266.597358][ T1018] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 266.600526][ T1018] usb 9-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 266.606641][ T1018] usb 9-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 266.609452][ T1018] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 266.619382][ T1018] usb 9-1: config 0 descriptor?? [ 266.677827][T11619] geneve3: entered promiscuous mode [ 266.679542][T11619] geneve3: entered allmulticast mode [ 266.682852][ T5955] Bluetooth: hci2: unexpected event 0x03 length: 1 < 11 [ 267.007848][ T1018] plantronics 0003:047F:FFFF.0005: reserved main item tag 0xd [ 267.011175][ T1018] plantronics 0003:047F:FFFF.0005: No inputs registered, leaving [ 267.018666][ T1018] plantronics 0003:047F:FFFF.0005: hiddev0,hidraw1: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.4-1/input0 [ 267.317789][ T1018] usb 9-1: USB disconnect, device number 4 [ 268.022967][T11645] program syz.4.1574 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 268.234289][T11651] program syz.3.1576 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 268.449967][T11653] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1577'. [ 268.816338][T11671] overlayfs: failed to clone upperpath [ 268.848530][T11673] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1582'. [ 269.674828][ T55] vhci_hcd: vhci_device speed not set [ 269.817295][T11696] netlink: 48 bytes leftover after parsing attributes in process `syz.2.1589'. [ 269.902637][T11703] tmpfs: Bad value for 'mpol' [ 269.969809][T11707] program syz.3.1590 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 269.979198][T11707] overlayfs: failed to resolve './file1': -2 [ 270.255440][ T12] Bluetooth: hci1: Frame reassembly failed (-84) [ 270.257707][ T12] Bluetooth: hci1: Frame reassembly failed (-84) [ 270.259996][ T12] Bluetooth: hci1: Frame reassembly failed (-84) [ 270.265697][ T12] Bluetooth: hci1: Frame reassembly failed (-84) [ 271.256191][T11736] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1602'. [ 271.841365][T11743] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1604'. [ 271.848017][T11744] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1603'. [ 272.149056][T11749] overlayfs: failed to resolve './file1': -2 [ 272.176834][ T5955] Bluetooth: hci1: Opcode 0x1003 failed: -110 [ 272.177071][ T5956] Bluetooth: hci1: command 0x1003 tx timeout [ 272.256150][T11752] netlink: 256 bytes leftover after parsing attributes in process `syz.2.1605'. [ 273.885040][T11794] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1614'. [ 274.016095][T11796] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 274.059193][T11796] sp0: Synchronizing with TNC [ 274.071452][T11796] [U] [ 274.137489][T11801] tmpfs: Bad value for 'mpol' [ 274.161400][T11795] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 274.457808][ T70] Bluetooth: hci1: Frame reassembly failed (-84) [ 274.996234][T11813] program syz.2.1619 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 275.008085][T11813] overlayfs: failed to resolve './file1': -2 [ 275.276199][T11817] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1620'. [ 275.794708][ T1018] kernel write not supported for file /dsp1 (pid: 1018 comm: kworker/0:2) [ 276.053798][ T34] usb 7-1: new high-speed USB device number 12 using dummy_hcd [ 276.176759][T11838] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1626'. [ 276.181190][T11838] netlink: 60 bytes leftover after parsing attributes in process `syz.1.1626'. [ 276.184676][T11838] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1626'. [ 276.188493][T11838] netlink: 60 bytes leftover after parsing attributes in process `syz.1.1626'. [ 276.207463][ T34] usb 7-1: config index 0 descriptor too short (expected 45, got 36) [ 276.210042][ T34] usb 7-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 276.213561][ T34] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 276.218586][ T34] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 276.221631][ T34] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 276.225889][ T34] usb 7-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 276.228862][ T34] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 276.232591][ T34] usb 7-1: config 0 descriptor?? [ 276.368190][ T5956] Bluetooth: hci1: command 0x1003 tx timeout [ 276.371466][ T5955] Bluetooth: hci1: Opcode 0x1003 failed: -110 [ 276.631760][ T34] plantronics 0003:047F:FFFF.0006: reserved main item tag 0xd [ 276.637999][ T34] plantronics 0003:047F:FFFF.0006: No inputs registered, leaving [ 276.648502][ T34] plantronics 0003:047F:FFFF.0006: hiddev0,hidraw1: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0 [ 276.770698][T11853] bochs-drm 0000:00:01.0: vgaarb: VGA decodes changed: olddecodes=none,decodes=none:owns=io+mem [ 276.819407][T11853] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1632'. [ 276.897432][ T24] usb 7-1: USB disconnect, device number 12 [ 276.901241][ T5956] Bluetooth: hci2: command 0x0406 tx timeout [ 277.043318][T11871] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1638'. [ 277.924068][T11899] bochs-drm 0000:00:01.0: vgaarb: VGA decodes changed: olddecodes=none,decodes=none:owns=io+mem [ 277.969737][T11899] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1645'. [ 278.883230][ T5956] Bluetooth: hci2: command 0x0406 tx timeout [ 279.433693][T11929] net veth1_virt_wifi : renamed from virt_wifi0 [ 279.879768][T11938] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1656'. [ 280.018088][T11946] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1659'. [ 281.463715][T11987] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1673'. [ 281.475456][T11989] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1674'. [ 281.547016][T11979] netlink: 72 bytes leftover after parsing attributes in process `syz.3.1670'. [ 281.959624][ T34] usb 7-1: new full-speed USB device number 13 using dummy_hcd [ 282.103709][ T34] usb 7-1: config 1 interface 0 has no altsetting 0 [ 282.107511][ T34] usb 7-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 282.110201][ T34] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 282.121386][ T34] usb 7-1: Product: syz [ 282.122700][ T34] usb 7-1: Manufacturer: syz [ 282.124120][ T34] usb 7-1: SerialNumber: syz [ 282.269240][T12011] binder: 12009:12011 ioctl c0046209 0 returned -22 [ 282.269274][T12010] binder: 12009:12010 ioctl c0046209 0 returned -22 [ 282.564949][T12017] lo speed is unknown, defaulting to 1000 [ 282.567772][T12017] lo speed is unknown, defaulting to 1000 [ 283.162206][T12036] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1677'. [ 283.173143][T12036] netlink: 60 bytes leftover after parsing attributes in process `syz.2.1677'. [ 283.205139][T12036] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1677'. [ 283.391977][T12037] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1687'. [ 283.402580][T12036] netlink: 60 bytes leftover after parsing attributes in process `syz.2.1677'. [ 283.798166][T12060] lo speed is unknown, defaulting to 1000 [ 283.800958][T12060] lo speed is unknown, defaulting to 1000 [ 284.159585][T12072] cgroup: fork rejected by pids controller in /syz1 [ 284.578646][ T34] usblp 7-1:1.0: usblp0: USB Unidirectional printer dev 13 if 0 alt 253 proto 1 vid 0x0525 pid 0xA4A8 [ 284.585136][ T34] usb 7-1: USB disconnect, device number 13 [ 284.597555][ T34] usblp0: removed [ 285.054839][T12558] __nla_validate_parse: 2 callbacks suppressed [ 285.054851][T12558] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1701'. [ 285.254843][T12568] program syz.4.1703 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 285.296428][T12567] vxcan1: Master is either lo or non-ether device [ 285.411687][T12571] fuse: Bad value for 'fd' [ 285.659662][T12586] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1711'. [ 285.684051][T12590] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1712'. [ 285.879312][T12600] fuse: Bad value for 'group_id' [ 285.880959][T12600] fuse: Bad value for 'group_id' [ 286.289881][T12609] vivid-007: disconnect [ 286.637582][T12611] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1720'. [ 286.845780][T12613] bochs-drm 0000:00:01.0: vgaarb: VGA decodes changed: olddecodes=none,decodes=none:owns=io+mem [ 286.892745][T12613] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1721'. [ 287.091207][T12607] vivid-007: reconnect [ 287.984925][T12660] TCP: request_sock_subflow_v6: Possible SYN flooding on port [fe80::aa]:20002. Sending cookies. [ 288.386028][ T40] kauditd_printk_skb: 10 callbacks suppressed [ 288.386040][ T40] audit: type=1326 audit(1748778697.957:13647): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12669 comm="syz.4.1739" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc3579 code=0x7ffc0000 [ 288.395300][ T40] audit: type=1326 audit(1748778697.957:13648): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12669 comm="syz.4.1739" exe="/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf7fc3579 code=0x7ffc0000 [ 288.401883][ T40] audit: type=1326 audit(1748778697.957:13649): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12669 comm="syz.4.1739" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc3579 code=0x7ffc0000 [ 288.408493][ T40] audit: type=1326 audit(1748778697.957:13650): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12669 comm="syz.4.1739" exe="/syz-executor" sig=0 arch=40000003 syscall=365 compat=1 ip=0xf7fc3579 code=0x7ffc0000 [ 288.415215][ T40] audit: type=1326 audit(1748778697.957:13651): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12669 comm="syz.4.1739" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc3579 code=0x7ffc0000 [ 288.422862][ T40] audit: type=1326 audit(1748778697.957:13652): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12669 comm="syz.4.1739" exe="/syz-executor" sig=0 arch=40000003 syscall=150 compat=1 ip=0xf7fc3579 code=0x7ffc0000 [ 288.429786][ T40] audit: type=1326 audit(1748778697.999:13653): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12669 comm="syz.4.1739" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc3579 code=0x7ffc0000 [ 288.436840][ T40] audit: type=1326 audit(1748778697.999:13654): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12669 comm="syz.4.1739" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc3579 code=0x7ffc0000 [ 288.446507][ T40] audit: type=1326 audit(1748778698.020:13655): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12669 comm="syz.4.1739" exe="/syz-executor" sig=0 arch=40000003 syscall=185 compat=1 ip=0xf7fc3579 code=0x7ffc0000 [ 288.453430][ T40] audit: type=1326 audit(1748778698.020:13656): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12669 comm="syz.4.1739" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc3579 code=0x7ffc0000 [ 288.928414][T12684] "syz.4.1741" (12684) uses obsolete ecb(arc4) skcipher [ 289.649352][T12711] syz.4.1751: attempt to access beyond end of device [ 289.649352][T12711] loop4: rw=2048, sector=2, nr_sectors = 1 limit=0 [ 289.667259][T12711] hfsplus: unable to find HFS+ superblock [ 289.948064][T12717] netdevsim netdevsim4 netdevsim0: entered promiscuous mode [ 290.108183][T12723] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1756'. [ 290.390566][T12736] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1761'. [ 290.820998][T12745] netlink: 32 bytes leftover after parsing attributes in process `syz.1.1762'. [ 291.058261][T12745] netlink: 32 bytes leftover after parsing attributes in process `syz.1.1762'. [ 291.123784][T12745] netlink: 32 bytes leftover after parsing attributes in process `syz.1.1762'. [ 291.590687][T12764] bochs-drm 0000:00:01.0: vgaarb: VGA decodes changed: olddecodes=none,decodes=none:owns=io+mem [ 291.634651][T12764] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1767'. [ 291.801246][T12779] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1772'. [ 292.478664][T12794] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1779'. [ 293.766040][T12834] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(10) [ 293.768142][T12834] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 293.771401][T12834] vhci_hcd vhci_hcd.0: Device attached [ 293.819446][T12840] overlayfs: failed to clone upperpath [ 294.055742][ T29] usb 41-1: new high-speed USB device number 4 using vhci_hcd [ 294.254945][T12861] overlayfs: failed to clone upperpath [ 294.359776][T12863] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1799'. [ 294.512350][T12836] vhci_hcd: connection reset by peer [ 294.593902][ T1143] vhci_hcd: stop threads [ 294.595389][ T1143] vhci_hcd: release socket [ 294.597153][ T1143] vhci_hcd: disconnect device [ 295.119716][T12875] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1804'. [ 295.269284][T12887] overlayfs: failed to clone upperpath [ 295.531772][T12898] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1811'. [ 295.706608][T12901] IPVS: sync thread started: state = BACKUP, mcast_ifn = lo, syncid = 5, id = 0 [ 295.714907][T12896] IPVS: stopping backup sync thread 12901 ... [ 296.257318][T12915] xt_CT: You must specify a L4 protocol and not use inversions on it [ 296.261228][T12915] netlink: 40 bytes leftover after parsing attributes in process `syz.3.1816'. [ 296.265310][T12915] netlink: 40 bytes leftover after parsing attributes in process `syz.3.1816'. [ 296.442256][T12919] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1818'. [ 296.683969][ T40] kauditd_printk_skb: 13 callbacks suppressed [ 296.683981][ T40] audit: type=1326 audit(2000000007.716:13670): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12922 comm="syz.3.1820" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fa5579 code=0x7ffc0000 [ 296.693821][ T40] audit: type=1326 audit(2000000007.726:13671): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12922 comm="syz.3.1820" exe="/syz-executor" sig=0 arch=40000003 syscall=164 compat=1 ip=0xf7fa5579 code=0x7ffc0000 [ 296.704907][ T40] audit: type=1326 audit(2000000007.726:13672): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12922 comm="syz.3.1820" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fa5579 code=0x7ffc0000 [ 296.711669][ T40] audit: type=1326 audit(2000000007.726:13673): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12922 comm="syz.3.1820" exe="/syz-executor" sig=0 arch=40000003 syscall=366 compat=1 ip=0xf7fa5579 code=0x7ffc0000 [ 296.728943][ T40] audit: type=1326 audit(2000000007.726:13674): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12922 comm="syz.3.1820" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fa5579 code=0x7ffc0000 [ 296.742377][ T40] audit: type=1326 audit(2000000007.726:13675): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12922 comm="syz.3.1820" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fa5579 code=0x7ffc0000 [ 296.811998][T12937] overlayfs: failed to clone upperpath [ 297.623448][T12968] sch_tbf: peakrate 8 is lower than or equals to rate 12 ! [ 297.747233][T12970] 9pnet_fd: Insufficient options for proto=fd [ 298.136750][T12978] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1830'. [ 298.593103][T12980] bochs-drm 0000:00:01.0: vgaarb: VGA decodes changed: olddecodes=none,decodes=none:owns=io+mem [ 298.645266][T12980] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1831'. [ 298.913552][T13004] ALSA: mixer_oss: invalid index 40000 [ 298.934313][ T29] vhci_hcd: vhci_device speed not set [ 299.598436][T13016] bochs-drm 0000:00:01.0: vgaarb: VGA decodes changed: olddecodes=none,decodes=none:owns=io+mem [ 299.657517][T13016] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1841'. [ 299.826070][T13037] program syz.2.1847 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 299.838047][T13038] program syz.4.1848 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 299.879481][T13040] xt_CT: You must specify a L4 protocol and not use inversions on it [ 300.079826][T13055] pim6reg: entered allmulticast mode [ 300.189772][ T8311] libceph: connect (1)[c::]:6789 error -101 [ 300.194405][ T8311] libceph: mon0 (1)[c::]:6789 connect error [ 300.449300][ T8311] libceph: connect (1)[c::]:6789 error -101 [ 300.451375][ T8311] libceph: mon0 (1)[c::]:6789 connect error [ 300.917047][T13085] overlayfs: failed to clone upperpath [ 300.935349][ T8311] libceph: connect (1)[c::]:6789 error -101 [ 300.938038][ T8311] libceph: mon0 (1)[c::]:6789 connect error [ 300.941871][T13060] ceph: No mds server is up or the cluster is laggy [ 301.059317][T13091] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1866'. [ 301.108913][T13093] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci4/hci4:200/input22 [ 301.122305][T13094] overlayfs: failed to clone upperpath [ 301.547316][T13111] netlink: 'syz.4.1873': attribute type 8 has an invalid length. [ 301.744845][ T8311] usb 7-1: new high-speed USB device number 14 using dummy_hcd [ 301.833146][T13120] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1877'. [ 301.908818][ T8311] usb 7-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 301.911504][ T8311] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 301.925939][ T8311] usb 7-1: Product: syz [ 301.927581][ T8311] usb 7-1: Manufacturer: syz [ 301.929127][ T8311] usb 7-1: SerialNumber: syz [ 301.938379][ T8311] usb 7-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 301.965708][ T8311] usb 7-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 302.469991][T13144] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1883'. [ 302.632752][ T34] usb 7-1: USB disconnect, device number 14 [ 302.665257][T13146] overlayfs: failed to clone upperpath [ 302.963843][ T8311] ath9k_htc 7-1:1.0: ath9k_htc: Target is unresponsive [ 302.966332][ T8311] ath9k_htc: Failed to initialize the device [ 302.970835][ T34] usb 7-1: ath9k_htc: USB layer deinitialized [ 303.248637][T13159] overlayfs: failed to clone upperpath [ 303.791890][T13166] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1889'. [ 304.093060][T13171] overlayfs: failed to clone upperpath [ 304.719872][ T1419] ieee802154 phy0 wpan0: encryption failed: -22 [ 304.721882][ T1419] ieee802154 phy1 wpan1: encryption failed: -22 [ 304.745463][T13191] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1896'. [ 305.159942][T13202] overlayfs: failed to clone upperpath [ 305.254532][T13204] batadv_slave_0: entered promiscuous mode [ 305.260034][T13204] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1900'. [ 305.555312][T13204] batadv_slave_0 (unregistering): left promiscuous mode [ 305.789846][T13218] netlink: 4768 bytes leftover after parsing attributes in process `syz.3.1906'. [ 306.915003][T13253] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1917'. [ 307.777246][T13277] veth1_to_team: entered promiscuous mode [ 307.785110][T13277] veth0: entered promiscuous mode [ 308.767387][T13300] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1931'. [ 309.380594][T13315] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1937'. [ 309.770363][T13330] lo speed is unknown, defaulting to 1000 [ 309.772962][T13330] lo speed is unknown, defaulting to 1000 [ 309.833580][T13333] bochs-drm 0000:00:01.0: vgaarb: VGA decodes changed: olddecodes=none,decodes=none:owns=io+mem [ 311.583825][T13375] lo speed is unknown, defaulting to 1000 [ 311.610099][T13375] lo speed is unknown, defaulting to 1000 [ 311.652839][T13385] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1954'. [ 311.847568][T13387] FAULT_INJECTION: forcing a failure. [ 311.847568][T13387] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 311.851984][T13387] CPU: 2 UID: 0 PID: 13387 Comm: syz.2.1955 Not tainted 6.15.0-syzkaller-10402-g4cb6c8af8591 #0 PREEMPT(full) [ 311.852008][T13387] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 311.852018][T13387] Call Trace: [ 311.852024][T13387] [ 311.852031][T13387] dump_stack_lvl+0x16c/0x1f0 [ 311.852054][T13387] should_fail_ex+0x512/0x640 [ 311.852083][T13387] _copy_from_user+0x2e/0xd0 [ 311.852111][T13387] get_compat_msghdr+0xa7/0x170 [ 311.852135][T13387] ? __pfx_get_compat_msghdr+0x10/0x10 [ 311.852163][T13387] ___sys_sendmsg+0x1ae/0x1d0 [ 311.852182][T13387] ? __pfx____sys_sendmsg+0x10/0x10 [ 311.852213][T13387] ? find_held_lock+0x2b/0x80 [ 311.852270][T13387] __sys_sendmsg+0x16d/0x220 [ 311.852294][T13387] ? __pfx___sys_sendmsg+0x10/0x10 [ 311.852323][T13387] ? rcu_is_watching+0x12/0xc0 [ 311.852351][T13387] __do_fast_syscall_32+0x7c/0x3a0 [ 311.852376][T13387] do_fast_syscall_32+0x32/0x80 [ 311.852396][T13387] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 311.852418][T13387] RIP: 0023:0xf7f63579 [ 311.852431][T13387] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 311.852448][T13387] RSP: 002b:00000000f508655c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 311.852465][T13387] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000800001c0 [ 311.852477][T13387] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 311.852488][T13387] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 311.852498][T13387] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 311.852508][T13387] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 311.852530][T13387] [ 312.265540][T13392] e1000e 0000:00:02.0 eth1: NIC Link is Down [ 312.566384][T13411] overlayfs: failed to clone upperpath [ 313.444184][T13455] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1968'. [ 313.591063][T13461] No source specified [ 314.538009][T13491] wireguard0: entered promiscuous mode [ 314.544577][T13491] wireguard0: entered allmulticast mode [ 314.562387][T13497] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1979'. [ 314.719208][T13505] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1982'. [ 315.105736][T13511] net veth1_virt_wifi : renamed from virt_wifi0 [ 315.199097][T13514] RDS: rds_bind could not find a transport for ::ffff:172.30.0.5, load rds_tcp or rds_rdma? [ 316.567852][T13541] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1993'. [ 316.897751][T13551] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1999'. [ 317.012158][T13557] xt_CT: You must specify a L4 protocol and not use inversions on it [ 317.185480][T13561] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2005'. [ 317.185664][T13562] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2005'. [ 317.358472][T13574] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2009'. [ 317.449376][T13587] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2013'. [ 317.622082][ T5956] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 317.626783][ T5956] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 317.629869][ T5956] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 317.633165][ T5956] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 317.636304][ T5956] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 317.665295][T13593] lo speed is unknown, defaulting to 1000 [ 317.667906][T13593] lo speed is unknown, defaulting to 1000 [ 317.855978][T13593] chnl_net:caif_netlink_parms(): no params data found [ 317.964028][T13593] bridge0: port 1(bridge_slave_0) entered blocking state [ 317.967240][T13593] bridge0: port 1(bridge_slave_0) entered disabled state [ 317.969644][T13593] bridge_slave_0: entered allmulticast mode [ 317.972415][T13593] bridge_slave_0: entered promiscuous mode [ 317.977435][T13593] bridge0: port 2(bridge_slave_1) entered blocking state [ 317.979869][T13593] bridge0: port 2(bridge_slave_1) entered disabled state [ 317.982271][T13593] bridge_slave_1: entered allmulticast mode [ 317.985039][T13593] bridge_slave_1: entered promiscuous mode [ 318.036955][T13593] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 318.041871][T13593] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 318.078085][T13593] team0: Port device team_slave_0 added [ 318.082404][T13593] team0: Port device team_slave_1 added [ 318.117205][T13593] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 318.119854][T13593] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 318.127762][T13593] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 318.134130][T13593] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 318.136357][T13593] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 318.144863][T13593] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 318.196621][T13593] hsr_slave_0: entered promiscuous mode [ 318.199158][T13593] hsr_slave_1: entered promiscuous mode [ 318.201002][ T40] audit: type=1800 audit(2000000030.307:13676): pid=13608 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.2017" name="nullb0" dev="tmpfs" ino=2453 res=0 errno=0 [ 318.337214][T13593] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 318.342170][T13593] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 1] type 2 family 0 port 256 - 0 [ 318.417473][T13593] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 318.420820][T13593] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 1] type 2 family 0 port 256 - 0 [ 318.533129][T13617] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2020'. [ 318.583007][T13593] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 318.587804][T13593] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 1] type 2 family 0 port 256 - 0 [ 318.664486][T13593] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 318.667702][T13593] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 1] type 2 family 0 port 256 - 0 [ 318.680333][T13627] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2023'. [ 318.797030][T13634] overlayfs: failed to clone upperpath [ 318.802121][T13635] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2024'. [ 319.006455][T13593] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 319.033812][T13593] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 319.044845][T13593] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 319.059801][T13593] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 319.149192][T13593] 8021q: adding VLAN 0 to HW filter on device bond0 [ 319.160707][T13593] 8021q: adding VLAN 0 to HW filter on device team0 [ 319.174480][ T1138] bridge0: port 1(bridge_slave_0) entered blocking state [ 319.177389][ T1138] bridge0: port 1(bridge_slave_0) entered forwarding state [ 319.189606][ T1138] bridge0: port 2(bridge_slave_1) entered blocking state [ 319.191900][ T1138] bridge0: port 2(bridge_slave_1) entered forwarding state [ 319.559031][T13650] bridge0: port 3(syz_tun) entered blocking state [ 319.561193][T13650] bridge0: port 3(syz_tun) entered disabled state [ 319.563979][T13651] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2030'. [ 319.568218][T13650] syz_tun: entered allmulticast mode [ 319.570614][T13650] syz_tun: entered promiscuous mode [ 319.572509][T13650] bridge0: port 3(syz_tun) entered blocking state [ 319.574642][T13650] bridge0: port 3(syz_tun) entered forwarding state [ 319.578728][ T5956] Bluetooth: hci1: command tx timeout [ 319.615181][T13593] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 319.639963][T13593] veth0_vlan: entered promiscuous mode [ 319.645859][T13593] veth1_vlan: entered promiscuous mode [ 319.691233][T13593] veth0_macvtap: entered promiscuous mode [ 319.694882][T13659] netlink: 'syz.4.2032': attribute type 2 has an invalid length. [ 319.697272][T13659] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2032'. [ 319.702897][T13593] veth1_macvtap: entered promiscuous mode [ 319.711914][T13659] : entered promiscuous mode [ 319.720351][T13593] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 319.726247][T13593] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 319.731745][T13593] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 319.734500][T13593] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 319.737208][T13593] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 319.740052][T13593] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 319.777107][ T61] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 319.779554][ T61] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 319.798696][ T1139] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 319.802033][ T1139] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 319.852147][ T24] usb 7-1: new full-speed USB device number 15 using dummy_hcd [ 319.859846][T13662] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 319.863969][T13662] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 1] type 2 family 0 port 256 - 0 [ 319.939682][T13662] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 319.943008][T13662] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 1] type 2 family 0 port 256 - 0 [ 320.002539][ T24] usb 7-1: config 195 has an invalid interface number: 145 but max is 0 [ 320.005628][ T24] usb 7-1: config 195 has no interface number 0 [ 320.007592][ T24] usb 7-1: config 195 interface 145 has no altsetting 0 [ 320.015703][ T24] usb 7-1: New USB device found, idVendor=055f, idProduct=c211, bcdDevice=9b.e4 [ 320.018664][ T24] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 320.031351][ T24] usb 7-1: Product: syz [ 320.032728][ T24] usb 7-1: Manufacturer: syz [ 320.034712][ T24] usb 7-1: SerialNumber: syz [ 320.041795][T13662] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 320.052212][T13662] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 1] type 2 family 0 port 256 - 0 [ 320.167784][T13662] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 320.173139][T13662] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 1] type 2 family 0 port 256 - 0 [ 320.240395][ T24] gspca_main: sunplus-2.14.0 probing 055f:c211 [ 320.243846][ T24] gspca_sunplus: reg_r err -71 [ 320.296031][T13662] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 320.301013][T13662] netdevsim netdevsim3 eth0: set [1, 1] type 2 family 0 port 256 - 0 [ 320.342593][T13662] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 320.345780][T13662] netdevsim netdevsim3 eth1: set [1, 1] type 2 family 0 port 256 - 0 [ 320.389915][T13662] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 320.393649][T13662] netdevsim netdevsim3 eth2: set [1, 1] type 2 family 0 port 256 - 0 [ 320.457063][T13662] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 320.459767][T13662] netdevsim netdevsim3 eth3: set [1, 1] type 2 family 0 port 256 - 0 [ 320.558686][T13662] syz.3.2034 (13662) used greatest stack depth: 19512 bytes left [ 320.844462][T13676] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2035'. [ 321.017508][T13680] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2039'. [ 321.177544][ T24] sunplus 7-1:195.145: probe with driver sunplus failed with error -71 [ 321.185104][ T24] usb 7-1: USB disconnect, device number 15 [ 321.566991][ T5956] Bluetooth: hci1: command tx timeout [ 322.230747][T13703] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 322.330742][T13705] fuse: Unknown parameter '0x00000000000000030x0000000000000003' [ 322.440336][T13713] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2051'. [ 322.462935][T13715] bochs-drm 0000:00:01.0: vgaarb: VGA decodes changed: olddecodes=none,decodes=none:owns=io+mem [ 322.487149][T13718] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2053'. [ 322.891012][ T5987] usb 6-1: new full-speed USB device number 3 using dummy_hcd [ 323.036176][ T5987] usb 6-1: config 1 interface 0 has no altsetting 0 [ 323.040881][ T5987] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 323.048717][ T5987] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 323.051527][ T5987] usb 6-1: Product: syz [ 323.053327][ T5987] usb 6-1: Manufacturer: syz [ 323.055057][ T5987] usb 6-1: SerialNumber: syz [ 323.541679][ T5956] Bluetooth: hci1: command tx timeout [ 323.692179][T13735] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 323.699530][T13735] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 323.742600][ T5987] usblp 6-1:1.0: usblp0: USB Unidirectional printer dev 3 if 0 alt 253 proto 1 vid 0x0525 pid 0xA4A8 [ 324.264978][ T8312] usb 6-1: USB disconnect, device number 3 [ 324.268321][ T8312] usblp0: removed [ 324.819357][T13776] ceph: No mds server is up or the cluster is laggy [ 325.074576][ T5987] libceph: connect (1)[c::]:6789 error -101 [ 325.077800][ T5987] libceph: mon0 (1)[c::]:6789 connect error [ 325.084111][T13790] openvswitch: netlink: IP tunnel attribute has 12 unknown bytes. [ 325.399425][T13799] syzkaller1: entered promiscuous mode [ 325.401197][T13799] syzkaller1: entered allmulticast mode [ 325.408426][T13799] SET target dimension over the limit! [ 325.428767][ T5956] Bluetooth: hci4: connection err: -111 [ 325.519951][ T5956] Bluetooth: hci1: command tx timeout [ 325.552927][T13811] netlink: 'syz.4.2080': attribute type 6 has an invalid length. [ 325.555484][T13811] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2080'. [ 325.739541][T13820] bochs-drm 0000:00:01.0: vgaarb: VGA decodes changed: olddecodes=none,decodes=none:owns=io+mem [ 325.769742][T13787] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 325.966923][T13833] tmpfs: Cannot enable quota on remount [ 326.496257][T13854] bochs-drm 0000:00:01.0: vgaarb: VGA decodes changed: olddecodes=none,decodes=none:owns=io+mem [ 326.537633][T13854] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2093'. [ 327.144723][T13876] sctp: [Deprecated]: syz.3.2101 (pid 13876) Use of int in maxseg socket option. [ 327.144723][T13876] Use struct sctp_assoc_value instead [ 327.158585][T13878] bochs-drm 0000:00:01.0: vgaarb: VGA decodes changed: olddecodes=none,decodes=none:owns=io+mem [ 327.682772][T13900] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2107'. [ 327.822095][ T29] libceph: connect (1)[c::]:6789 error -101 [ 327.824565][ T29] libceph: mon0 (1)[c::]:6789 connect error [ 327.853795][T13907] ceph: No mds server is up or the cluster is laggy [ 328.437507][T13926] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2115'. [ 329.018948][T13936] overlayfs: failed to clone upperpath [ 329.296903][T13945] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2121'. [ 329.333070][T13949] netlink: 40 bytes leftover after parsing attributes in process `syz.3.2122'. [ 329.336671][T13949] netlink: 212424 bytes leftover after parsing attributes in process `syz.3.2122'. [ 329.451875][T13957] 9pnet_fd: Insufficient options for proto=fd [ 329.538616][T13961] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2127'. [ 329.583080][T13965] overlayfs: failed to clone upperpath [ 329.607832][T13967] netlink: 'syz.2.2129': attribute type 1 has an invalid length. [ 329.610517][T13967] netlink: 224 bytes leftover after parsing attributes in process `syz.2.2129'. [ 329.670343][T13969] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2130'. [ 330.043180][T13986] xt_CT: You must specify a L4 protocol and not use inversions on it [ 330.265363][T13989] could not allocate digest TFM handle cbcmac-aes-neon [ 330.460984][T13996] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2137'. [ 331.702581][T14022] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2145'. [ 331.950501][T14031] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2149'. [ 332.759998][T14045] openvswitch: netlink: IP tunnel attribute has 12 unknown bytes. [ 333.000403][T14047] overlayfs: failed to clone upperpath [ 333.202697][T14051] bochs-drm 0000:00:01.0: vgaarb: VGA decodes changed: olddecodes=none,decodes=none:owns=io+mem [ 333.221134][T14051] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2156'. [ 333.407773][T14059] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2159'. [ 333.418764][T14042] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 334.036107][T14078] cgroup: Unknown subsys name 'fowner>00000000000000000000' [ 334.355459][T14083] bochs-drm 0000:00:01.0: vgaarb: VGA decodes changed: olddecodes=none,decodes=none:owns=io+mem [ 334.399282][T14083] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2168'. [ 334.571132][T14093] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2170'. [ 335.576421][T14106] xt_CHECKSUM: CHECKSUM should be avoided. If really needed, restrict with "-p udp" and only use in OUTPUT [ 335.823279][T14118] xt_CT: You must specify a L4 protocol and not use inversions on it [ 335.868273][T14120] bochs-drm 0000:00:01.0: vgaarb: VGA decodes changed: olddecodes=none,decodes=none:owns=io+mem [ 336.000468][T14127] xt_CT: You must specify a L4 protocol and not use inversions on it [ 336.108118][T14133] overlayfs: failed to resolve './file0': -2 [ 336.453231][T14146] bochs-drm 0000:00:01.0: vgaarb: VGA decodes changed: olddecodes=none,decodes=none:owns=io+mem [ 336.572943][T14152] xt_CT: You must specify a L4 protocol and not use inversions on it [ 336.886460][T14162] overlayfs: failed to resolve './file1': -2 [ 337.257069][T14180] bochs-drm 0000:00:01.0: vgaarb: VGA decodes changed: olddecodes=none,decodes=none:owns=io+mem [ 337.419169][T14194] overlayfs: failed to resolve './file1': -2 [ 338.587360][T14223] overlayfs: NFS export requires "redirect_dir=nofollow" on non-upper mount, falling back to nfs_export=off. [ 338.598433][T14223] overlayfs: missing 'lowerdir' [ 338.600185][T14225] overlayfs: failed to resolve './file1': -2 [ 338.661534][T14228] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2211'. [ 339.011307][T14220] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2208'. [ 339.356358][T14249] bochs-drm 0000:00:01.0: vgaarb: VGA decodes changed: olddecodes=none,decodes=none:owns=io+mem [ 339.410340][T14249] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2216'. [ 339.809038][T14268] netlink: 'syz.1.2221': attribute type 2 has an invalid length. [ 339.870938][ T40] audit: type=1800 audit(2000000053.056:13677): pid=14270 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.2221" name="SYSV00000000" dev="hugetlbfs" ino=0 res=0 errno=0 [ 339.883697][T14265] fuse: Unknown parameter ':܎˧U"/' [ 339.960302][T14276] bochs-drm 0000:00:01.0: vgaarb: VGA decodes changed: olddecodes=none,decodes=none:owns=io+mem [ 340.101072][T14286] netlink: 'syz.2.2226': attribute type 11 has an invalid length. [ 340.103666][T14286] netlink: 20 bytes leftover after parsing attributes in process `syz.2.2226'. [ 340.108607][T14286] xt_CT: You must specify a L4 protocol and not use inversions on it [ 340.582504][T14315] xt_CT: You must specify a L4 protocol and not use inversions on it [ 340.635014][T14318] kvm: requested 4190 ns i8254 timer period limited to 200000 ns [ 340.646691][T14317] kvm: requested 838 ns i8254 timer period limited to 200000 ns [ 340.649898][T14317] kvm: requested 12571 ns i8254 timer period limited to 200000 ns [ 340.652569][T14317] kvm: requested 170133 ns i8254 timer period limited to 200000 ns [ 340.655143][T14317] kvm: requested 68723 ns i8254 timer period limited to 200000 ns [ 340.659645][T14317] kvm: requested 84647 ns i8254 timer period limited to 200000 ns [ 340.662133][T14317] kvm: requested 86323 ns i8254 timer period limited to 200000 ns [ 340.664784][T14317] kvm: requested 12571 ns i8254 timer period limited to 200000 ns [ 340.674815][T14317] kvm: requested 12571 ns i8254 timer period limited to 200000 ns [ 340.678131][T14317] kvm: requested 85485 ns i8254 timer period limited to 200000 ns [ 341.058648][T14333] syzkaller0: entered allmulticast mode [ 341.090738][T14333] tipc: Started in network mode [ 341.092380][T14333] tipc: Node identity c61c2d47237f, cluster identity 4711 [ 341.094865][T14333] tipc: Enabled bearer , priority 0 [ 341.098633][T14333] veth1_macvtap: left promiscuous mode [ 341.123368][T14336] lo speed is unknown, defaulting to 1000 [ 341.128803][T14336] lo speed is unknown, defaulting to 1000 [ 341.298056][T14344] netlink: 20 bytes leftover after parsing attributes in process `syz.3.2246'. [ 342.039631][T14328] syzkaller0: left allmulticast mode [ 342.080888][T14354] xt_CT: You must specify a L4 protocol and not use inversions on it [ 342.173697][ T8311] tipc: Node number set to 3848482119 [ 342.276113][T14371] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2254'. [ 342.338617][T14376] overlayfs: failed to clone upperpath [ 342.504234][ T9074] usb 9-1: new low-speed USB device number 5 using dummy_hcd [ 342.675626][ T9074] usb 9-1: Invalid ep0 maxpacket: 64 [ 342.818653][ T9074] usb 9-1: new low-speed USB device number 6 using dummy_hcd [ 342.980937][ T9074] usb 9-1: Invalid ep0 maxpacket: 64 [ 342.984458][ T9074] usb usb9-port1: attempt power cycle [ 343.280361][T14387] bochs-drm 0000:00:01.0: vgaarb: VGA decodes changed: olddecodes=none,decodes=none:owns=io+mem [ 343.328197][T14387] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2261'. [ 343.343085][ T9074] usb 9-1: new low-speed USB device number 7 using dummy_hcd [ 343.371989][ T9074] usb 9-1: Invalid ep0 maxpacket: 64 [ 343.451474][T14398] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2263'. [ 343.495469][ T9074] usb 9-1: new low-speed USB device number 8 using dummy_hcd [ 343.514899][ T9074] usb 9-1: Invalid ep0 maxpacket: 64 [ 343.516844][ T9074] usb usb9-port1: unable to enumerate USB device [ 343.571761][T14403] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2265'. [ 344.236607][ T5987] libceph: connect (1)[c::]:6789 error -101 [ 344.239153][ T5987] libceph: mon0 (1)[c::]:6789 connect error [ 344.487124][ T5987] libceph: connect (1)[c::]:6789 error -101 [ 344.489308][ T5987] libceph: mon0 (1)[c::]:6789 connect error [ 344.546958][T14436] xt_CT: You must specify a L4 protocol and not use inversions on it [ 344.679489][T14448] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2278'. [ 344.736408][T14452] netlink: 196 bytes leftover after parsing attributes in process `syz.3.2280'. [ 344.783238][T14455] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2279'. [ 344.825827][T14420] ceph: No mds server is up or the cluster is laggy [ 345.018470][T14460] netlink: 'syz.2.2283': attribute type 1 has an invalid length. [ 345.019814][T14462] xt_CT: You must specify a L4 protocol and not use inversions on it [ 345.021509][T14460] netlink: 'syz.2.2283': attribute type 1 has an invalid length. [ 345.052739][ T5956] Bluetooth: hci1: ACL packet too small [ 345.053257][T14465] loop4: detected capacity change from 0 to 524255232 [ 345.268955][T14480] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2289'. [ 345.277107][ T24] usb 7-1: new high-speed USB device number 16 using dummy_hcd [ 345.431797][ T24] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 345.434934][ T24] usb 7-1: too many endpoints for config 0 interface 0 altsetting 0: 58, using maximum allowed: 30 [ 345.438598][ T24] usb 7-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 58 [ 345.447915][ T24] usb 7-1: New USB device found, idVendor=1b96, idProduct=0013, bcdDevice= 0.00 [ 345.450766][ T24] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 345.459173][ T24] usb 7-1: config 0 descriptor?? [ 345.528706][T14482] ufs: failed to set blocksize [ 345.677776][ T24] usb 7-1: USB disconnect, device number 16 [ 345.696562][T14488] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2293'. [ 345.917016][T14497] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2297'. [ 347.201231][T14533] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2307'. [ 347.750927][T14542] overlayfs: failed to clone upperpath [ 347.823386][T14545] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2311'. [ 349.092751][T14595] __nla_validate_parse: 1 callbacks suppressed [ 349.092764][T14595] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2326'. [ 349.209714][T14603] bochs-drm 0000:00:01.0: vgaarb: VGA decodes changed: olddecodes=none,decodes=none:owns=io+mem [ 349.385757][T14612] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2332'. [ 349.474248][T14615] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2333'. [ 349.810749][ T40] audit: type=1326 audit(2000000063.481:13678): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14626 comm="syz.4.2338" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf7fc3579 code=0x0 [ 350.054839][ T63] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 350.060282][ T63] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 350.064032][ T63] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 350.067487][ T63] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 350.071284][ T63] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 350.120579][T14632] lo speed is unknown, defaulting to 1000 [ 350.123055][T14632] lo speed is unknown, defaulting to 1000 [ 350.257564][T14637] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2339'. [ 350.297447][T14599] lo speed is unknown, defaulting to 1000 [ 350.390738][T14599] lo speed is unknown, defaulting to 1000 [ 350.633718][T14632] chnl_net:caif_netlink_parms(): no params data found [ 350.910016][T14632] bridge0: port 1(bridge_slave_0) entered blocking state [ 350.912257][T14632] bridge0: port 1(bridge_slave_0) entered disabled state [ 350.914546][T14632] bridge_slave_0: entered allmulticast mode [ 350.947713][T14632] bridge_slave_0: entered promiscuous mode [ 350.953091][T14632] bridge0: port 2(bridge_slave_1) entered blocking state [ 350.962267][T14632] bridge0: port 2(bridge_slave_1) entered disabled state [ 350.985343][T14632] bridge_slave_1: entered allmulticast mode [ 351.012302][T14632] bridge_slave_1: entered promiscuous mode [ 351.225379][T14632] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 351.267290][T14632] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 351.354822][T14632] team0: Port device team_slave_0 added [ 351.370149][T14663] 8021q: adding VLAN 0 to HW filter on device bond0 [ 351.392704][T14632] team0: Port device team_slave_1 added [ 351.458500][ T9074] usb 9-1: new high-speed USB device number 9 using dummy_hcd [ 351.610999][ T9074] usb 9-1: Using ep0 maxpacket: 8 [ 351.621360][ T9074] usb 9-1: config 168 descriptor has 1 excess byte, ignoring [ 351.623744][ T9074] usb 9-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 351.627252][ T9074] usb 9-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 351.639513][ T9074] usb 9-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 351.648942][ T9074] usb 9-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 351.659051][ T9074] usb 9-1: config 168 descriptor has 1 excess byte, ignoring [ 351.661406][ T9074] usb 9-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 351.665269][ T9074] usb 9-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 351.674915][ T9074] usb 9-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 351.687197][ T9074] usb 9-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 351.691636][ T9074] usb 9-1: config 168 descriptor has 1 excess byte, ignoring [ 351.694287][ T9074] usb 9-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 351.706447][ T9074] usb 9-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 351.715516][ T9074] usb 9-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 351.719740][ T9074] usb 9-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 351.739277][ T9074] usb 9-1: string descriptor 0 read error: -22 [ 351.741783][ T9074] usb 9-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 351.753809][ T9074] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 351.787142][ T9074] adutux 9-1:168.0: ADU100 now attached to /dev/usb/adutux0 [ 351.850761][T14632] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 351.853314][T14632] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 351.864900][T14632] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 351.893985][T14632] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 351.896323][T14632] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 351.914380][T14632] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 352.039712][ T5956] Bluetooth: hci2: command tx timeout [ 352.375673][T14632] hsr_slave_0: entered promiscuous mode [ 352.382940][T14632] hsr_slave_1: entered promiscuous mode [ 352.389296][T14632] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 352.391768][T14632] Cannot create hsr debugfs directory [ 352.771898][T14678] block device autoloading is deprecated and will be removed. [ 353.232887][T14632] netdevsim netdevsim3 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 353.245723][T14632] netdevsim netdevsim3 eth3 (unregistering): unset [1, 1] type 2 family 0 port 256 - 0 [ 353.391588][T14632] netdevsim netdevsim3 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 353.402771][T14632] netdevsim netdevsim3 eth2 (unregistering): unset [1, 1] type 2 family 0 port 256 - 0 [ 353.559743][T14632] netdevsim netdevsim3 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 353.572283][T14632] netdevsim netdevsim3 eth1 (unregistering): unset [1, 1] type 2 family 0 port 256 - 0 [ 353.698660][T14632] netdevsim netdevsim3 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 353.710446][T14632] netdevsim netdevsim3 eth0 (unregistering): unset [1, 1] type 2 family 0 port 256 - 0 [ 353.952648][T14683] xt_CT: You must specify a L4 protocol and not use inversions on it [ 353.980641][T14632] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 353.985526][T14632] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 353.989329][T14632] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 354.001269][T14632] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 354.025720][ T54] usb 9-1: USB disconnect, device number 9 [ 354.030750][ T5956] Bluetooth: hci2: command tx timeout [ 354.095631][T14632] 8021q: adding VLAN 0 to HW filter on device bond0 [ 354.118326][T14632] 8021q: adding VLAN 0 to HW filter on device team0 [ 354.129642][ T1202] bridge0: port 1(bridge_slave_0) entered blocking state [ 354.132505][ T1202] bridge0: port 1(bridge_slave_0) entered forwarding state [ 354.156148][ T70] bridge0: port 2(bridge_slave_1) entered blocking state [ 354.158948][ T70] bridge0: port 2(bridge_slave_1) entered forwarding state [ 355.001257][T14632] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 355.079375][T14632] veth0_vlan: entered promiscuous mode [ 355.084876][T14632] veth1_vlan: entered promiscuous mode [ 355.109494][T14632] veth0_macvtap: entered promiscuous mode [ 355.117194][T14632] veth1_macvtap: entered promiscuous mode [ 355.131039][T14632] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 355.139243][T14632] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 355.144334][T14632] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 355.149893][T14632] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 355.152638][T14632] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 355.155784][T14632] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 355.220056][ T70] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 355.224552][ T70] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 355.241650][ T1139] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 355.244118][ T1139] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 355.412448][T14715] netlink: 'syz.2.2356': attribute type 1 has an invalid length. [ 355.414932][T14715] netlink: 'syz.2.2356': attribute type 1 has an invalid length. [ 355.417556][T14715] netlink: 212 bytes leftover after parsing attributes in process `syz.2.2356'. [ 355.420329][T14715] netlink: 'syz.2.2356': attribute type 1 has an invalid length. [ 355.681953][T14723] lo speed is unknown, defaulting to 1000 [ 355.685654][T14723] lo speed is unknown, defaulting to 1000 [ 356.011931][ T5956] Bluetooth: hci2: command tx timeout [ 357.231602][T14751] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2365'. [ 357.278123][T14745] bridge_slave_0: left allmulticast mode [ 357.280014][T14745] bridge_slave_0: left promiscuous mode [ 357.281842][T14745] bridge0: port 1(bridge_slave_0) entered disabled state [ 357.301275][T14745] bridge_slave_1: left allmulticast mode [ 357.303577][T14745] bridge_slave_1: left promiscuous mode [ 357.305905][T14745] bridge0: port 2(bridge_slave_1) entered disabled state [ 357.346465][T14745] bond0: (slave bond_slave_0): Releasing backup interface [ 357.352539][T14745] bond0: (slave bond_slave_1): Releasing backup interface [ 357.368180][T14745] team0: Port device team_slave_0 removed [ 357.377309][T14745] team0: Port device team_slave_1 removed [ 357.379520][T14745] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 357.381725][T14745] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 357.384939][T14745] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 357.387250][T14745] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 357.541127][ T1202] Bluetooth: hci0: Frame reassembly failed (-90) [ 357.934943][T14774] lo speed is unknown, defaulting to 1000 [ 357.938290][T14774] lo speed is unknown, defaulting to 1000 [ 357.992757][ T63] Bluetooth: hci2: command tx timeout [ 359.039435][T14787] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2374'. [ 359.517730][ T63] Bluetooth: hci0: command 0xfc11 tx timeout [ 359.526850][ T5956] Bluetooth: hci0: Entering manufacturer mode failed (-110) [ 359.728155][T14800] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2378'. [ 360.267617][T14807] bochs-drm 0000:00:01.0: vgaarb: VGA decodes changed: olddecodes=none,decodes=none:owns=io+mem [ 360.323979][T14807] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2380'. [ 360.524999][T14821] netlink: 156 bytes leftover after parsing attributes in process `syz.3.2384'. [ 360.714710][T14825] xt_CT: No such helper "snmp" [ 360.935399][T14845] bochs-drm 0000:00:01.0: vgaarb: VGA decodes changed: olddecodes=none,decodes=none:owns=io+mem [ 360.944248][T14847] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 360.947680][T14847] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 360.949882][T14845] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2389'. [ 361.081102][T14854] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2390'. [ 361.879863][T14878] xt_CT: You must specify a L4 protocol and not use inversions on it [ 361.991022][T14874] netlink: 156 bytes leftover after parsing attributes in process `syz.1.2397'. [ 362.104901][T14887] bochs-drm 0000:00:01.0: vgaarb: VGA decodes changed: olddecodes=none,decodes=none:owns=io+mem [ 362.113052][T14887] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2399'. [ 362.127453][T14885] netlink: 'syz.4.2403': attribute type 4 has an invalid length. [ 362.144925][T14885] netlink: 'syz.4.2403': attribute type 4 has an invalid length. [ 362.929559][T14910] IPVS: Error connecting to the multicast addr [ 363.267907][ T1419] ieee802154 phy0 wpan0: encryption failed: -22 [ 363.269915][ T1419] ieee802154 phy1 wpan1: encryption failed: -22 [ 363.519041][T14933] netlink: 44 bytes leftover after parsing attributes in process `syz.3.2410'. [ 363.908286][T14942] bochs-drm 0000:00:01.0: vgaarb: VGA decodes changed: olddecodes=none,decodes=none:owns=io+mem [ 363.917208][T14942] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2412'. [ 363.967849][T14947] 9pnet_virtio: no channels available for device ./file0/file0 [ 363.985953][T14949] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2413'. [ 364.075853][ T1018] libceph: connect (1)[c::]:6789 error -101 [ 364.078005][ T1018] libceph: mon0 (1)[c::]:6789 connect error [ 364.187661][T14954] Invalid ELF header magic: != ELF [ 364.337460][ T1018] libceph: connect (1)[c::]:6789 error -101 [ 364.339878][ T1018] libceph: mon0 (1)[c::]:6789 connect error [ 364.510752][T14951] ceph: No mds server is up or the cluster is laggy [ 366.129560][T14980] bochs-drm 0000:00:01.0: vgaarb: VGA decodes changed: olddecodes=none,decodes=none:owns=io+mem [ 366.232494][T14994] xt_CT: You must specify a L4 protocol and not use inversions on it [ 366.283561][T14997] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2426'. [ 366.365898][ T5956] Bluetooth: hci1: command 0x0406 tx timeout [ 366.582238][T15008] netlink: 40 bytes leftover after parsing attributes in process `syz.1.2433'. [ 366.598664][T15008] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2433'. [ 366.695193][T15013] 9pnet_virtio: no channels available for device syz [ 366.741292][T15015] bochs-drm 0000:00:01.0: vgaarb: VGA decodes changed: olddecodes=none,decodes=none:owns=io+mem [ 366.855916][T15021] xt_CT: You must specify a L4 protocol and not use inversions on it [ 367.232814][T15036] bochs-drm 0000:00:01.0: vgaarb: VGA decodes changed: olddecodes=none,decodes=none:owns=io+mem [ 367.382077][T15047] xt_CT: You must specify a L4 protocol and not use inversions on it [ 367.509959][T15043] netlink: 84 bytes leftover after parsing attributes in process `syz.1.2447'. [ 367.547974][T15058] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2453'. [ 367.994141][T15085] xt_CT: You must specify a L4 protocol and not use inversions on it [ 368.105104][ T24] libceph: connect (1)[c::]:6789 error -101 [ 368.107883][ T24] libceph: mon0 (1)[c::]:6789 connect error [ 368.160625][ T8311] libceph: connect (1)[c::]:6789 error -101 [ 368.223857][ T8311] libceph: mon0 (1)[c::]:6789 connect error [ 368.329000][T15091] Invalid ELF header magic: != ELF [ 368.471602][ T24] libceph: connect (1)[c::]:6789 error -101 [ 368.473864][ T24] libceph: mon0 (1)[c::]:6789 connect error [ 368.500746][T15088] ceph: No mds server is up or the cluster is laggy [ 368.704060][T15095] block nbd0: server does not support multiple connections per device. [ 368.719914][T15095] block nbd0: shutting down sockets [ 369.153941][ T1202] team0: Port device geneve0 removed [ 369.207523][T15098] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2464'. [ 369.420013][T15104] af_packet: tpacket_rcv: packet too big, clamped from 8 to 4294967272. macoff=96 [ 369.453710][ T1202] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 369.461313][ T1202] bond_slave_0: left promiscuous mode [ 369.466538][ T1202] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 369.471666][ T1202] bond_slave_1: left promiscuous mode [ 369.474577][ T1202] bond0 (unregistering): Released all slaves [ 369.480783][ T1202] bond1 (unregistering): Released all slaves [ 369.515672][T15106] misc userio: Invalid payload size [ 369.682578][T15104] tmpfs: Unknown parameter 'grpquota' [ 369.757455][ T54] usb 6-1: new high-speed USB device number 4 using dummy_hcd [ 369.920536][ T54] usb 6-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 369.923362][ T54] usb 6-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 369.926828][ T54] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 369.930288][ T54] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 55, changing to 9 [ 369.938258][ T54] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8496, setting to 1024 [ 369.942879][ T54] usb 6-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 369.946001][ T54] usb 6-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 369.948905][ T54] usb 6-1: Product: syz [ 369.950234][ T54] usb 6-1: Manufacturer: syz [ 369.963210][ T54] cdc_wdm 6-1:1.0: skipping garbage [ 369.964938][ T54] cdc_wdm 6-1:1.0: skipping garbage [ 369.967925][ T54] cdc_wdm 6-1:1.0: cdc-wdm0: USB WDM device [ 369.969792][ T54] cdc_wdm 6-1:1.0: Unknown control protocol [ 370.155186][ C3] wdm_int_callback: 9 callbacks suppressed [ 370.155200][ C3] cdc_wdm 6-1:1.0: nonzero urb status received: -71 [ 370.159326][ C3] wdm_int_callback: 9 callbacks suppressed [ 370.159337][ C3] cdc_wdm 6-1:1.0: wdm_int_callback - 0 bytes [ 370.163932][ C3] cdc_wdm 6-1:1.0: nonzero urb status received: -71 [ 370.166001][ C3] cdc_wdm 6-1:1.0: wdm_int_callback - 0 bytes [ 370.168229][ C3] cdc_wdm 6-1:1.0: nonzero urb status received: -71 [ 370.170246][ C3] cdc_wdm 6-1:1.0: wdm_int_callback - 0 bytes [ 370.172376][ C3] cdc_wdm 6-1:1.0: nonzero urb status received: -71 [ 370.174467][ C3] cdc_wdm 6-1:1.0: wdm_int_callback - 0 bytes [ 370.177893][ C3] cdc_wdm 6-1:1.0: nonzero urb status received: -71 [ 370.180030][ C3] cdc_wdm 6-1:1.0: wdm_int_callback - 0 bytes [ 370.180198][T15123] syz.2.2475: attempt to access beyond end of device [ 370.180198][T15123] loop2: rw=0, sector=0, nr_sectors = 1 limit=0 [ 370.182143][ C3] cdc_wdm 6-1:1.0: nonzero urb status received: -71 [ 370.187356][T15123] hpfs: hpfs_map_sector(): read error [ 370.188231][ C3] cdc_wdm 6-1:1.0: wdm_int_callback - 0 bytes [ 370.192043][ C3] cdc_wdm 6-1:1.0: nonzero urb status received: -71 [ 370.194149][ C3] cdc_wdm 6-1:1.0: wdm_int_callback - 0 bytes [ 370.196258][ C3] cdc_wdm 6-1:1.0: nonzero urb status received: -71 [ 370.198322][ C3] cdc_wdm 6-1:1.0: wdm_int_callback - 0 bytes [ 370.200443][ C3] cdc_wdm 6-1:1.0: nonzero urb status received: -71 [ 370.202507][ C3] cdc_wdm 6-1:1.0: wdm_int_callback - 0 bytes [ 370.204806][ C3] cdc_wdm 6-1:1.0: nonzero urb status received: -71 [ 370.206869][ C3] cdc_wdm 6-1:1.0: wdm_int_callback - 0 bytes [ 370.215850][ T54] usb 6-1: USB disconnect, device number 4 [ 370.215904][ C3] cdc_wdm 6-1:1.0: wdm_int_callback - usb_submit_urb failed with result -19 [ 370.408600][T15110] dlm: no locking on control device [ 371.034342][T15135] bochs-drm 0000:00:01.0: vgaarb: VGA decodes changed: olddecodes=none,decodes=none:owns=io+mem [ 371.432429][ T1202] hsr_slave_0: left promiscuous mode [ 371.459639][ T1202] veth1_macvtap: left promiscuous mode [ 371.461486][ T1202] veth0_macvtap: left promiscuous mode [ 371.538787][ T1202] pim6reg9 (unregistering): left allmulticast mode [ 371.550559][ T1202] pim6reg (unregistering): left allmulticast mode [ 371.822109][T15163] bochs-drm 0000:00:01.0: vgaarb: VGA decodes changed: olddecodes=none,decodes=none:owns=io+mem [ 372.354277][ T1202] team0 (unregistering): Port device team_slave_1 removed [ 372.440996][ T1202] team0 (unregistering): Port device team_slave_0 removed [ 372.730358][ T5956] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 372.733686][ T5956] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 372.737848][ T5956] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 372.765101][ T5956] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 372.775663][ T5956] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 373.339722][T15185] lo speed is unknown, defaulting to 1000 [ 373.342574][T15185] lo speed is unknown, defaulting to 1000 [ 373.434856][T13283] veth0: left promiscuous mode [ 373.437136][T13283] veth1_to_team: left promiscuous mode [ 373.516379][T15193] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2494'. [ 373.556315][T15185] chnl_net:caif_netlink_parms(): no params data found [ 373.572528][ T29] hid-generic 0000:0004:0000.0007: unknown main item tag 0x0 [ 373.574980][ T29] hid-generic 0000:0004:0000.0007: unknown main item tag 0x0 [ 373.590756][ T29] hid-generic 0000:0004:0000.0007: unknown main item tag 0x0 [ 373.606631][ T29] hid-generic 0000:0004:0000.0007: hidraw1: HID v0.00 Device [syz0] on syz0 [ 373.698104][T15200] fido_id[15200]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 373.749722][T15185] bridge0: port 1(bridge_slave_0) entered blocking state [ 373.752262][T15185] bridge0: port 1(bridge_slave_0) entered disabled state [ 373.754786][T15185] bridge_slave_0: entered allmulticast mode [ 373.757587][T15185] bridge_slave_0: entered promiscuous mode [ 373.761988][T15185] bridge0: port 2(bridge_slave_1) entered blocking state [ 373.764418][T15185] bridge0: port 2(bridge_slave_1) entered disabled state [ 373.766851][T15185] bridge_slave_1: entered allmulticast mode [ 373.770102][T15185] bridge_slave_1: entered promiscuous mode [ 373.814020][T15185] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 373.820769][T15185] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 373.866702][T15185] team0: Port device team_slave_0 added [ 373.870899][T15185] team0: Port device team_slave_1 added [ 373.917829][T15185] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 373.929577][T15185] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 373.937848][T15185] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 373.944146][T15185] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 373.947640][T15185] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 373.958602][T15185] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 374.007535][T15185] hsr_slave_0: entered promiscuous mode [ 374.009989][T15185] hsr_slave_1: entered promiscuous mode [ 374.012218][T15185] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 374.015475][T15185] Cannot create hsr debugfs directory [ 374.503692][T15185] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 374.510744][T15185] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 374.514729][T15185] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 374.518990][T15185] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 374.559022][T15185] 8021q: adding VLAN 0 to HW filter on device bond0 [ 374.574626][T15185] 8021q: adding VLAN 0 to HW filter on device team0 [ 374.585518][ T46] bridge0: port 1(bridge_slave_0) entered blocking state [ 374.587905][ T46] bridge0: port 1(bridge_slave_0) entered forwarding state [ 374.613473][T15185] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 374.617368][T15185] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 374.624738][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 374.627137][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 374.752148][T15185] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 374.788856][T15185] veth0_vlan: entered promiscuous mode [ 374.797029][T15185] veth1_vlan: entered promiscuous mode [ 374.825985][ T63] Bluetooth: hci0: command tx timeout [ 374.838303][T15185] veth0_macvtap: entered promiscuous mode [ 374.845121][T15185] veth1_macvtap: entered promiscuous mode [ 374.868972][T15185] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 374.876529][T15185] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 374.884235][T15185] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 374.887113][T15185] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 374.889804][T15185] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 374.910749][T15185] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 374.981361][ T61] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 374.983823][ T61] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 375.017167][ T70] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 375.019687][ T70] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 375.554371][ T1202] bridge_slave_1: left allmulticast mode [ 375.556265][ T1202] bridge_slave_1: left promiscuous mode [ 375.558800][ T1202] bridge0: port 2(bridge_slave_1) entered disabled state [ 375.574597][ T1202] bridge_slave_0: left allmulticast mode [ 375.576420][ T1202] bridge_slave_0: left promiscuous mode [ 375.578865][ T1202] bridge0: port 1(bridge_slave_0) entered disabled state [ 375.665211][ T1202] bond1 (unregistering): (slave gretap1): Releasing backup interface [ 376.178061][ T1202]  (unregistering): (slave bond_slave_0): Releasing backup interface [ 376.188226][ T1202] bond_slave_0: left promiscuous mode [ 376.190729][ T1202]  (unregistering): (slave bond_slave_1): Releasing backup interface [ 376.193790][ T1202] bond_slave_1: left promiscuous mode [ 376.195781][ T1202]  (unregistering): Released all slaves [ 376.279089][ T1202] bond1 (unregistering): (slave bond2): Releasing backup interface [ 376.282106][ T1202] bond1 (unregistering): Released all slaves [ 376.359810][ T1202] bond2 (unregistering): Released all slaves [ 376.453971][ T1202] bond3 (unregistering): Released all slaves [ 376.462974][ T1202] bond4 (unregistering): Released all slaves [ 376.469456][ T1202] bond5 (unregistering): Released all slaves [ 376.549073][ T1202] bond0 (unregistering): Released all slaves [ 376.563071][ T8310] syz1: Port: 1 Link DOWN [ 376.625745][T15255] netlink: 'syz.1.2508': attribute type 10 has an invalid length. [ 376.628529][T15255] netlink: 40 bytes leftover after parsing attributes in process `syz.1.2508'. [ 376.644189][T15255] team0: Port device geneve0 added [ 376.806342][ T63] Bluetooth: hci0: command tx timeout [ 377.899748][T15292] [ 377.900570][T15292] ====================================================== [ 377.902745][T15292] WARNING: possible circular locking dependency detected [ 377.904970][T15292] 6.15.0-syzkaller-10402-g4cb6c8af8591 #0 Not tainted [ 377.907742][T15292] ------------------------------------------------------ [ 377.910757][T15292] syz.4.2522/15292 is trying to acquire lock: [ 377.912654][T15292] ffff88804bf32068 (&pipe->mutex){+.+.}-{4:4}, at: pipe_lock+0x64/0x80 [ 377.915239][T15292] [ 377.915239][T15292] but task is already holding lock: [ 377.917961][T15292] ffff8880256cc428 (sb_writers#5){.+.+}-{0:0}, at: __do_splice+0x32a/0x360 [ 377.920787][T15292] [ 377.920787][T15292] which lock already depends on the new lock. [ 377.920787][T15292] [ 377.923661][T15292] [ 377.923661][T15292] the existing dependency chain (in reverse order) is: [ 377.926374][T15292] [ 377.926374][T15292] -> #3 (sb_writers#5){.+.+}-{0:0}: [ 377.928666][T15292] mnt_want_write+0x6f/0x450 [ 377.930273][T15292] ovl_create_object+0x12c/0x300 [ 377.932005][T15292] lookup_open.isra.0+0x11d0/0x1580 [ 377.933816][T15292] path_openat+0x893/0x2cb0 [ 377.935394][T15292] do_filp_open+0x20b/0x470 [ 377.937018][T15292] do_sys_openat2+0x11b/0x1d0 [ 377.938653][T15292] __ia32_compat_sys_openat+0x16d/0x210 [ 377.940572][T15292] __do_fast_syscall_32+0x7c/0x3a0 [ 377.942346][T15292] do_fast_syscall_32+0x32/0x80 [ 377.944092][T15292] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 377.946251][T15292] [ 377.946251][T15292] -> #2 (&ovl_i_mutex_dir_key[depth]#2){++++}-{4:4}: [ 377.949130][T15292] down_read+0x9b/0x480 [ 377.950609][T15292] walk_component+0x345/0x5b0 [ 377.952284][T15292] path_lookupat+0x142/0x6d0 [ 377.953964][T15292] filename_lookup+0x224/0x5f0 [ 377.955612][T15292] kern_path+0x35/0x50 [ 377.957134][T15292] lookup_bdev+0xd8/0x280 [ 377.958660][T15292] resume_store+0x1d6/0x460 [ 377.960346][T15292] kobj_attr_store+0x55/0x80 [ 377.961950][T15292] sysfs_kf_write+0xef/0x150 [ 377.963560][T15292] kernfs_fop_write_iter+0x354/0x510 [ 377.965401][T15292] vfs_write+0x6c7/0x1150 [ 377.966982][T15292] ksys_write+0x12a/0x250 [ 377.968516][T15292] __do_fast_syscall_32+0x7c/0x3a0 [ 377.970269][T15292] do_fast_syscall_32+0x32/0x80 [ 377.971954][T15292] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 377.974083][T15292] [ 377.974083][T15292] -> #1 (&of->mutex){+.+.}-{4:4}: [ 377.976360][T15292] __mutex_lock+0x199/0xb90 [ 377.977943][T15292] kernfs_fop_write_iter+0x28f/0x510 [ 377.979766][T15292] iter_file_splice_write+0x91c/0x1150 [ 377.981651][T15292] do_splice+0x1475/0x1fc0 [ 377.983236][T15292] __do_splice+0x32a/0x360 [ 377.984797][T15292] __ia32_sys_splice+0x189/0x250 [ 377.986563][T15292] __do_fast_syscall_32+0x7c/0x3a0 [ 377.988338][T15292] do_fast_syscall_32+0x32/0x80 [ 377.990006][T15292] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 377.992119][T15292] [ 377.992119][T15292] -> #0 (&pipe->mutex){+.+.}-{4:4}: [ 377.994427][T15292] __lock_acquire+0x126f/0x1c90 [ 377.996121][T15292] lock_acquire+0x179/0x350 [ 377.997713][T15292] __mutex_lock+0x199/0xb90 [ 377.999290][T15292] pipe_lock+0x64/0x80 [ 378.000759][T15292] iter_file_splice_write+0x1ea/0x1150 [ 378.002627][T15292] do_splice+0x1475/0x1fc0 [ 378.004204][T15292] __do_splice+0x32a/0x360 [ 378.005752][T15292] __ia32_sys_splice+0x189/0x250 [ 378.007550][T15292] __do_fast_syscall_32+0x7c/0x3a0 [ 378.009360][T15292] do_fast_syscall_32+0x32/0x80 [ 378.011040][T15292] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 378.013201][T15292] [ 378.013201][T15292] other info that might help us debug this: [ 378.013201][T15292] [ 378.016433][T15292] Chain exists of: [ 378.016433][T15292] &pipe->mutex --> &ovl_i_mutex_dir_key[depth]#2 --> sb_writers#5 [ 378.016433][T15292] [ 378.020678][T15292] Possible unsafe locking scenario: [ 378.020678][T15292] [ 378.022989][T15292] CPU0 CPU1 [ 378.024660][T15292] ---- ---- [ 378.026365][T15292] rlock(sb_writers#5); [ 378.027761][T15292] lock(&ovl_i_mutex_dir_key[depth]#2); [ 378.030269][T15292] lock(sb_writers#5); [ 378.032294][T15292] lock(&pipe->mutex); [ 378.033616][T15292] [ 378.033616][T15292] *** DEADLOCK *** [ 378.033616][T15292] [ 378.036123][T15292] 1 lock held by syz.4.2522/15292: [ 378.037715][T15292] #0: ffff8880256cc428 (sb_writers#5){.+.+}-{0:0}, at: __do_splice+0x32a/0x360 [ 378.040527][T15292] [ 378.040527][T15292] stack backtrace: [ 378.042369][T15292] CPU: 3 UID: 0 PID: 15292 Comm: syz.4.2522 Not tainted 6.15.0-syzkaller-10402-g4cb6c8af8591 #0 PREEMPT(full) [ 378.042384][T15292] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 378.042392][T15292] Call Trace: [ 378.042397][T15292] [ 378.042402][T15292] dump_stack_lvl+0x116/0x1f0 [ 378.042417][T15292] print_circular_bug+0x275/0x350 [ 378.042436][T15292] check_noncircular+0x14c/0x170 [ 378.042456][T15292] __lock_acquire+0x126f/0x1c90 [ 378.042471][T15292] lock_acquire+0x179/0x350 [ 378.042481][T15292] ? pipe_lock+0x64/0x80 [ 378.042494][T15292] ? __pfx___might_resched+0x10/0x10 [ 378.042511][T15292] __mutex_lock+0x199/0xb90 [ 378.042525][T15292] ? pipe_lock+0x64/0x80 [ 378.042536][T15292] ? pipe_lock+0x64/0x80 [ 378.042547][T15292] ? __pfx___mutex_lock+0x10/0x10 [ 378.042560][T15292] ? rcu_is_watching+0x12/0xc0 [ 378.042575][T15292] ? trace_kmalloc+0x2b/0xd0 [ 378.042590][T15292] ? __kmalloc_noprof+0x242/0x510 [ 378.042603][T15292] ? pipe_lock+0x64/0x80 [ 378.042613][T15292] pipe_lock+0x64/0x80 [ 378.042624][T15292] iter_file_splice_write+0x1ea/0x1150 [ 378.042636][T15292] ? aa_file_perm+0x4d6/0xfb0 [ 378.042651][T15292] ? __pfx_aa_file_perm+0x10/0x10 [ 378.042665][T15292] ? kasan_quarantine_put+0x10a/0x240 [ 378.042677][T15292] ? __pfx_iter_file_splice_write+0x10/0x10 [ 378.042687][T15292] ? __lock_acquire+0xb8a/0x1c90 [ 378.042698][T15292] ? tomoyo_path_number_perm+0x295/0x580 [ 378.042713][T15292] ? __pfx_iter_file_splice_write+0x10/0x10 [ 378.042724][T15292] do_splice+0x1475/0x1fc0 [ 378.042734][T15292] ? __lock_acquire+0x622/0x1c90 [ 378.042745][T15292] ? __pfx_do_splice+0x10/0x10 [ 378.042755][T15292] ? __pfx_pipe_clear_nowait+0x10/0x10 [ 378.042771][T15292] ? find_held_lock+0x2b/0x80 [ 378.042785][T15292] __do_splice+0x32a/0x360 [ 378.042795][T15292] ? __pfx___do_splice+0x10/0x10 [ 378.042807][T15292] __ia32_sys_splice+0x189/0x250 [ 378.042818][T15292] __do_fast_syscall_32+0x7c/0x3a0 [ 378.042832][T15292] do_fast_syscall_32+0x32/0x80 [ 378.042845][T15292] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 378.042859][T15292] RIP: 0023:0xf7fc3579 [ 378.042868][T15292] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 378.042879][T15292] RSP: 002b:00000000f50c555c EFLAGS: 00000296 ORIG_RAX: 0000000000000139 [ 378.042891][T15292] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000000000 [ 378.042898][T15292] RDX: 0000000000000007 RSI: 0000000000000000 RDI: 00000000ffffffff [ 378.042909][T15292] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 378.042916][T15292] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000 [ 378.042922][T15292] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 378.042931][T15292] [ 378.129380][ T54] libceph: connect (1)[c::]:6789 error -101 [ 378.131329][ T54] libceph: mon0 (1)[c::]:6789 connect error SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 378.190574][T15291] ceph: No mds server is up or the cluster is laggy [ 378.316182][T10503] bridge0: port 3(syz_tun) entered disabled state [ 378.321760][T10503] syz_tun (unregistering): left allmulticast mode [ 378.323822][T10503] syz_tun (unregistering): left promiscuous mode [ 378.325798][T10503] bridge0: port 3(syz_tun) entered disabled state VM DIAGNOSIS: 11:52:48 Registers: info registers vcpu 0 CPU#0 RAX=0000000000000000 RBX=ffffc900044c7b60 RCX=0000000000000000 RDX=0000000000000000 RSI=ffffffff85099b04 RDI=ffffc900044c7b60 RBP=ffffffff85099af0 RSP=ffffc90000007f68 R8 =0000000000000001 R9 =0000000000000000 R10=0000000000000001 R11=ffffc90000007ff8 R12=0000000000000000 R13=dffffc0000000000 R14=0000000000000000 R15=ffffc900044c7b28 RIP=ffffffff85099b2d RFL=00000046 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0000 0000000000000000 ffffffff 00c00000 DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] FS =0000 0000000000000000 ffffffff 00c00000 GS =0063 ffff88809777b000 ffffffff 00d0f300 DPL=3 DS [-WA] LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000003000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00000000f7354de4 CR3=000000004d2bb000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000008 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000019800000000 0000000600000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 1 CPU#1 RAX=0000000000000007 RBX=ffffc900044c7b88 RCX=ffffffff81985023 RDX=0000000000000000 RSI=0000000000000004 RDI=ffffc900044c7b88 RBP=ffffc900044c7b80 RSP=ffffc900044c79d0 R8 =ffffc900044c7bd0 R9 =fffff52000898f33 R10=0000000000000003 R11=0000000000000001 R12=dffffc0000000000 R13=0000000000000002 R14=ffffc900044c7b88 R15=ffff888025750000 RIP=ffffffff8220fe78 RFL=00000046 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] FS =0000 0000000000000000 ffffffff 00c00000 GS =0063 ffff88809787b000 ffffffff 00d0f300 DPL=3 DS [-WA] LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe000004a000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=000000008001b000 CR3=000000004d2bb000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000002 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000007400000000 0000000100000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 2 CPU#2 RAX=0000000000000000 RBX=ffff888042421340 RCX=ffffffff8217d5ef RDX=ffff8880242e4880 RSI=0000000000000000 RDI=0000000000000002 RBP=0000000000000000 RSP=ffffc90003817540 R8 =0000000000000001 R9 =000000000000003f R10=0000000000000000 R11=0000000000000012 R12=0000000000001e15 R13=0000000000000001 R14=ffffc900038175d8 R15=ffffc90003817800 RIP=ffffffff81bb53a8 RFL=00000046 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0000 0000000000000000 ffffffff 00c00000 DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 00007f441b19b300 ffffffff 00c00000 GS =0000 ffff88809797b000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000091000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe000008f000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=0000560aebc3e000 CR3=000000004a69d000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=00000000fcffc200 Opmask01=000000000000ffff Opmask02=00000000ffffffff Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000001 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000000001df8a 0000003000000012 0004000000080024 0000000000280034 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00000000000009e1 0000001400000000 0000000000000000 0000000000000015 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 1680030008000fff ffffff020a080006 0102cc06000000b1 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00000000000080fe bb00000000000000 00000000000080fe 002c100060626060 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 dd86ffffffffffff ffffffffffff7408 00030fffffffff02 1680020284080006 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0171b20008000600 aa00000000000000 00000000000080fe bb00000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00000000000080fe 002c4c000000f260 dd86000000000000 d5ae3b9d59cf7608 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0007f80300080007 f003048080080007 e8031ffffffffc08 0007e0030fffffff ZMM25=b134af7ab134af7a b134af7ab134af7a b134af7ab134af7a b134af7ab134af7a b134af7ab134af7a b134af7ab134af7a b134af7ab134af7a b134af7ab134af7a ZMM26=df3b57b5df3b57b5 df3b57b5df3b57b5 df3b57b5df3b57b5 df3b57b5df3b57b5 df3b57b5df3b57b5 df3b57b5df3b57b5 df3b57b5df3b57b5 df3b57b5df3b57b5 ZMM27=4ef3e7534ef3e753 4ef3e7534ef3e753 4ef3e7534ef3e753 4ef3e7534ef3e753 4ef3e7534ef3e753 4ef3e7534ef3e753 4ef3e7534ef3e753 4ef3e7534ef3e753 ZMM28=000000100000000f 0000000e0000000d 0000000c0000000b 0000000a00000009 0000000800000007 0000000600000005 0000000400000003 0000000200000001 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=080f0000080f0000 080f0000080f0000 080f0000080f0000 080f0000080f0000 080f0000080f0000 080f0000080f0000 080f0000080f0000 080f0000080f0000 info registers vcpu 3 CPU#3 RAX=000000000000002d RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8 RSI=ffffffff8555b045 RDI=ffffffff9ae53d80 RBP=ffffffff9ae53d40 RSP=ffffc90002dc7258 R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=2d2d2d2d2d2d2d2d R12=0000000000000000 R13=000000000000002d R14=ffffffff9ae53d40 R15=ffffffff8555afe0 RIP=ffffffff8555b06f RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] FS =0000 0000000000000000 ffffffff 00c00000 GS =0063 ffff888097a7b000 ffffffff 00d0f300 DPL=3 DS [-WA] LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe00000d8000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe00000d6000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00000000f7456188 CR3=000000006677b000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000002 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000021000000000 0000000200000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000