last executing test programs: 5.31686421s ago: executing program 0 (id=580): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000004c0)={0x3, 0xc, &(0x7f0000000140)=ANY=[@ANYBLOB="18020000b00000000000000000000000850000002a000000180100002020642500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007000000095"], &(0x7f0000000080)='GPL\x00', 0x8, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x800}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000400)=0x6) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socket$inet6_sctp(0xa, 0x1, 0x84) add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0x5ba8, 0xfffffffffffffffd) keyctl$read(0xb, 0x0, &(0x7f0000000240)=""/112, 0x349b7f55) r4 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@ipv4_newrule={0x1c, 0x20, 0x301, 0x0, 0x2}, 0x1c}}, 0x0) setgroups(0x41b7, &(0x7f0000000180)=[0x0, 0x0, 0x0, 0x0, 0x0]) r5 = socket$nl_sock_diag(0x10, 0x3, 0x4) sendmmsg(r5, &(0x7f00000021c0)=[{{0x0, 0x0, &(0x7f0000000400)=[{&(0x7f0000000b00)="05", 0x1}], 0x1, &(0x7f0000001b00)=[{0xc, 0x1, 0x152cf13a}], 0xc}}], 0x1, 0x804) r6 = socket$xdp(0x2c, 0x3, 0x0) ioctl$sock_ifreq(r6, 0x8930, &(0x7f0000000000)={'pim6reg0\x00', @ifru_hwaddr=@remote}) r7 = syz_open_procfs(0x0, &(0x7f0000000400)='ns\x00') readlinkat(r7, &(0x7f0000000100)='./mnt\x00', &(0x7f0000000440)=""/163, 0xa3) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000340)={r0, 0x0, 0xe, 0x0, &(0x7f0000000100)="e09f547ed3f02dc1fd3d6487775b", 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x50) 4.702359663s ago: executing program 2 (id=582): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r1 = socket$kcm(0x10, 0x3, 0x10) sendmsg$kcm(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000000)="140000002a000beb2800000000000000000f5ddf", 0x14}], 0x1}, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x10, &(0x7f0000000780)=ANY=[@ANYBLOB], &(0x7f0000000380)='syzkaller\x00', 0x8, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x3, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000240)={0x3, 0x4, 0x3, 0x6}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37, @void, @value}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8a}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) mount$9p_virtio(&(0x7f00000001c0), 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f0000000280)='./file0\x00') ioctl$AUTOFS_DEV_IOCTL_VERSION(0xffffffffffffffff, 0xc0189371, 0x0) r3 = syz_clone3(&(0x7f0000000680)={0xa000, &(0x7f00000000c0), &(0x7f0000000100), &(0x7f0000000200), {0x4}, &(0x7f00000002c0)=""/32, 0x20, &(0x7f0000000500)=""/136, &(0x7f0000000300)=[0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff], 0x4}, 0x58) ptrace$ARCH_GET_GS(0x1e, r3, 0x0, 0x1004) r4 = socket$alg(0x26, 0x5, 0x0) bind$alg(r4, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(aes-aesni)\x00'}, 0x58) openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000440), 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0xb989) r5 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) preadv(r5, &(0x7f0000001880)=[{&(0x7f0000001a80)=""/102400, 0x19000}], 0x1, 0x0, 0x0) mmap(&(0x7f0000000000/0xa000)=nil, 0xa000, 0x2, 0x2172, 0xffffffffffffffff, 0x0) mmap$xdp(&(0x7f0000800000/0x800000)=nil, 0x800000, 0xc, 0xa031, 0xffffffffffffffff, 0x0) madvise(&(0x7f00007fe000/0x800000)=nil, 0x800000, 0x19) mremap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x2000, 0x7, &(0x7f0000fff000/0x1000)=nil) fsopen(&(0x7f0000000140)='aio\x00', 0x0) socket$nl_route(0x10, 0x3, 0x0) 4.07722686s ago: executing program 0 (id=588): r0 = socket$unix(0x1, 0x5, 0x0) r1 = socket$kcm(0xa, 0x5, 0x0) r2 = syz_open_dev$usbfs(&(0x7f0000000080), 0x16f, 0x0) ioctl$USBDEVFS_DISCONNECT_CLAIM(r2, 0x8108551b, &(0x7f0000000100)={0x9, 0x1, "cf17d444ae52d25ded133c4e28436c17301d7e12b7522505cd3b04002497e39d62c9ec9536f2e11081011b182cdf457dbc331086fb5fc94893ac21e134c2636fbd6223e54c670604d7b5a616d8e82773f45fcef2791d6364217414e8f340ddd21e0bc85bc01883fd40368731798bf4f5c3d2f984daf125bc14a9b072c1f5336029dd0e7de862e41fdd69d173022dc2df8353f1f1a3756cafb24077d2f237633c40d80a46674a5ea1de47b2664be59596bddadcc5c682cc63fa7de99660cf24b0e753bc0d0e146169ceda569418e523a6226398398c7676ca1948ac713a1e5fa3539ea3294d98f756daebfd8967915bbe3d0229d74310881b8bf26008eabf2022"}) r3 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1e, 0x8, &(0x7f0000000000)=@framed={{0x18, 0x6}, [@tail_call={{0x18, 0x2, 0x1, 0x0, r3}, {}, {0x85, 0x0, 0x0, 0xa0}}]}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_lookup=0x24, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='cgroup.kill\x00', 0x0, 0x0) ioctl$sock_kcm_SIOCKCMCLONE(r1, 0x890b, &(0x7f0000000000)) setsockopt$inet_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, &(0x7f0000000100)=0x1, 0x4) madvise(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x19) r4 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) r5 = getpid() ptrace$PTRACE_SECCOMP_GET_FILTER(0x420c, r4, 0x401, 0x0) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000bc0)=ANY=[@ANYBLOB="640000000206050000000000000000000000000015000300686173683a69702c706f72742c6e6574000000000900020073797a300000000005000400004000000500050002000000050001000600000014000780080006400000000008001340"], 0x64}}, 0x0) r7 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$mptcp(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$MPTCP_PM_CMD_SET_LIMITS(r7, &(0x7f0000000c80)={0x0, 0x0, 0x0}, 0x0) process_vm_readv(r5, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0) process_vm_readv(r4, &(0x7f0000000080)=[{&(0x7f0000000000)=""/88, 0x58}], 0xd, &(0x7f0000000140)=[{&(0x7f0000002280)=""/4096, 0x1000}], 0x1, 0x0) sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0xf5, &(0x7f00000044c0)={&(0x7f0000000340)=ANY=[@ANYBLOB="880000000206010823000000000000000000000005000100060000000d000300686173683a6e65740000000005000400800000000900020073797a3100000000050005000a00000013000300686173683a6e65742c6966616365000014000780080013400000003708000640000000070500010007000000050004"], 0x88}}, 0x0) ptrace$getregset(0x4204, r4, 0x202, &(0x7f0000000180)={&(0x7f00000000c0)=""/61, 0x3d}) r8 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/timer_list\x00', 0x0, 0x0) sendfile(r0, r8, &(0x7f00000000c0)=0x10008e, 0x180000504) r9 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) r10 = dup(r9) sendmsg$IPSET_CMD_SWAP(r10, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f00000001c0)={0x0}, 0x1, 0x0, 0x0, 0x8810}, 0x810) 3.531298283s ago: executing program 2 (id=589): r0 = socket$netlink(0x10, 0x3, 0x10) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x10, &(0x7f0000000480)=ANY=[@ANYRES32=r0, @ANYRESOCT=0x0, @ANYRES16=r0, @ANYRESHEX=r0, @ANYRES32=0xffffffffffffffff, @ANYRES32=r0], &(0x7f0000000000)='GPL\x00', 0x7, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x3, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x36, @void, @value}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6) r3 = getpid() sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x4) r4 = syz_io_uring_setup(0x4172, &(0x7f0000000780)={0x0, 0x0, 0x10100}, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r5, r6, &(0x7f0000000180)=@IORING_OP_READV=@pass_iovec={0x1, 0x24, 0x2007, @fd=r4, 0x5, &(0x7f00000001c0), 0x0, 0x1}) r7 = mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x2000004, 0x40010, 0xffffffffffffffff, 0x10000000) r8 = syz_io_uring_setup(0x490c, &(0x7f00000004c0)={0x0, 0x7415, 0x0, 0x1, 0x1f6}, &(0x7f00000000c0), &(0x7f0000000240)) r9 = io_uring_register$IORING_REGISTER_PERSONALITY(r1, 0x9, 0x0, 0x0) syz_io_uring_submit(r5, r7, &(0x7f0000000300)=@IORING_OP_MSG_RING={0x28, 0x4, 0x0, r8, 0x0, &(0x7f0000000540)="4cdca4093a3ec02ff0ed35d3002486bfe5b9164574534dce65f9a1eda3c96cc7021fb071d6053878dec91e53c50dc37ea3aac47c1e2209315a82aa94598bff749f6fdbd37fc5e8740e20b2c22175129b3dbb60f278f0fa678e62a5dd1655579b36d005911c03704744d6bc7e0089f45b8d2c772000e779144db1b3b74d96e9f8f710712a3e8b8eb78e954ea35d8fe982702f358255b14f4b7b5e29c08cbfdc153cf7c45177f4d47ac6780afbfc7f3491c45b3d390550a5f273444c3a39a1a314", 0xc0, 0x2, 0x0, {0x0, r9}}) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) setgroups(0x0, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) connect$unix(r10, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r11, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r10, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setaffinity(0x0, 0xfffffffffffffc33, &(0x7f0000000280)=0x2) ioctl$LOOP_SET_CAPACITY(0xffffffffffffffff, 0x4c07) syz_init_net_socket$rose(0xb, 0x5, 0x0) r12 = socket$nl_route(0x10, 0x3, 0x0) r13 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_SIOCGIFINDEX(r13, 0x8933, &(0x7f0000000340)={'bridge0\x00', 0x0}) r15 = socket(0x10, 0x80002, 0x0) sendmsg$nl_route(r15, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000380)=ANY=[@ANYRESOCT=r2, @ANYRES32, @ANYBLOB="00000000000000001c001a800800028008000200080000003e120000080002001040e5"], 0x44}}, 0x0) sendmsg$nl_route(r12, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=ANY=[@ANYBLOB="2c00000010004b0400000000000000007a000000", @ANYRES32=r14, @ANYRES16=r2], 0x2c}}, 0x0) r16 = openat$vicodec0(0xffffff9c, &(0x7f0000000000), 0x2, 0x0) ioctl$VIDIOC_G_EXT_CTRLS(r16, 0xc0185647, &(0x7f0000000080)={0x980000, 0x21, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000001c0)={0x98f90d, 0x100000, '\x00', @p_u16=0x0}}) 3.499309705s ago: executing program 0 (id=590): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r1 = socket$kcm(0x10, 0x3, 0x10) sendmsg$kcm(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000000)="140000002a000beb2800000000000000000f5ddf", 0x14}], 0x1}, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x10, &(0x7f0000000780)=ANY=[@ANYBLOB], &(0x7f0000000380)='syzkaller\x00', 0x8, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x3, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000240)={0x3, 0x4, 0x3, 0x6}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37, @void, @value}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8a}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) mount$9p_virtio(&(0x7f00000001c0), 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f0000000280)='./file0\x00') ioctl$AUTOFS_DEV_IOCTL_VERSION(0xffffffffffffffff, 0xc0189371, 0x0) r3 = syz_clone3(&(0x7f0000000680)={0xa000, &(0x7f00000000c0), &(0x7f0000000100), &(0x7f0000000200), {0x4}, &(0x7f00000002c0)=""/32, 0x20, &(0x7f0000000500)=""/136, &(0x7f0000000300)=[0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff], 0x4}, 0x58) ptrace$ARCH_GET_GS(0x1e, r3, 0x0, 0x1004) r4 = socket$alg(0x26, 0x5, 0x0) bind$alg(r4, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(aes-aesni)\x00'}, 0x58) openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000440), 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0xb989) r5 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) preadv(r5, &(0x7f0000001880)=[{&(0x7f0000001a80)=""/102400, 0x19000}], 0x1, 0x0, 0x0) mmap(&(0x7f0000000000/0xa000)=nil, 0xa000, 0x2, 0x2172, 0xffffffffffffffff, 0x0) mmap$xdp(&(0x7f0000800000/0x800000)=nil, 0x800000, 0xc, 0xa031, 0xffffffffffffffff, 0x0) madvise(&(0x7f00007fe000/0x800000)=nil, 0x800000, 0x19) mremap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x2000, 0x7, &(0x7f0000fff000/0x1000)=nil) fsopen(&(0x7f0000000140)='aio\x00', 0x0) socket$nl_route(0x10, 0x3, 0x0) 3.019802506s ago: executing program 3 (id=591): sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) write$bt_hci(0xffffffffffffffff, 0x0, 0x7) r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000006c0), 0x48200, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xe) ioctl$TIOCVHANGUP(r0, 0x5437, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, 0x0) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) socket$nl_route(0x10, 0x3, 0x0) syz_open_dev$mouse(&(0x7f0000000000), 0x0, 0x8042) openat$mice(0xffffff9c, &(0x7f0000000440), 0x6c202) close(0x3) r2 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000001ac0)={&(0x7f0000000080)={0x1c, 0x2c, 0x1, 0x70bd26, 0x25dfdbfc, {0x4}, [@typed={0x8, 0x17, 0x0, 0x0, @fd=r2}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000d}, 0x20000000) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) write$vhost_msg_v2(0xffffffffffffffff, &(0x7f0000000280)={0x2, 0x0, {0x0, 0x0, 0x0, 0x0, 0x2}}, 0x48) r3 = openat$cgroup_int(0xffffffffffffffff, &(0x7f0000000500)='cpuset.cpu_exclusive\x00', 0x2, 0x0) pwritev2(r3, &(0x7f0000000600)=[{&(0x7f0000000540)="3539e00b318a144ed040d891888c13b3e5fb992df75d17bef1b3373f5eb18bca791f4f7f0efb79e85306db2fde27d4b92373a71103", 0x35}, {&(0x7f0000000580)="b40645ac3bed69ec25008649fd49f1745232b18389719a3a6f5ae19b5003da106e42f21c7f6a03bfa5b508e57dcb012b1ce1c5dee51180b673a8ce27219e241214e75343", 0x44}], 0x2, 0x3, 0x9, 0x8) setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x8, 0x3, 0x4a4, 0x0, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x3dc, 0xffffffff, 0xffffffff, 0x3dc, 0xffffffff, 0x3, 0x0, {[{{@uncond, 0x0, 0x198, 0x1b8, 0x60030000, {0x0, 0xff000000}, [@common=@inet=@recent0={{0xf4}, {0x9, 0x0, 0x24, 0x0, 'syz0\x00'}}]}, @unspec=@TRACE={0x20}}, {{@ipv6={@private0, @private1, [], [], 'pimreg1\x00', 'wlan1\x00'}, 0x0, 0x1bc, 0x224, 0x0, {}, [@common=@inet=@recent0={{0xf4}, {0x0, 0x0, 0x1, 0x0, 'syz1\x00'}}, @inet=@rpfilter={{0x24}}]}, @unspec=@CT1={0x68, 'CT\x00', 0x1, {0x0, 0x0, 0x0, 0x0, 'syz0\x00', 'syz0\x00'}}}], {{'\x00', 0x0, 0xa4, 0xc8}, {0x24}}}}, 0x500) r4 = syz_io_uring_setup(0x231, &(0x7f0000000080)={0x0, 0x0, 0x10100}, &(0x7f0000000000), &(0x7f0000000140)) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(r4, 0x9, 0x0, 0x0) io_uring_register$IORING_UNREGISTER_PERSONALITY(r4, 0xa, 0x0, r5) 2.382716013s ago: executing program 2 (id=595): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="0b00000007000000010001004900"], 0x48) bpf$MAP_GET_NEXT_KEY(0x2, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x6, 0x0, 0x0, 0x0, 0xb4d5, 0x0, 0x0, 0x41000, 0x8, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x200, @void, @value}, 0x94) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000180)={r0, &(0x7f00000006c0), 0x0, 0x2}, 0x1c) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'bridge_slave_1\x00'}) r2 = syz_open_dev$vim2m(&(0x7f0000000080), 0xbfb, 0x2) r3 = dup2(r2, r2) ioctl$vim2m_VIDIOC_S_CTRL(r3, 0xc008561c, &(0x7f00000000c0)={0xf0f03f, 0x6e}) socket$nl_route(0x10, 0x3, 0x0) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$nl_netfilter(0x10, 0x3, 0xc) r4 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) ioctl$NBD_SET_SOCK(r4, 0xab00, r5) r6 = syz_open_dev$ndb(&(0x7f00000000c0), 0x0, 0x0) ioctl$NBD_SET_FLAGS(r6, 0xab0a, 0x1000001000104) ioctl$TCSETSF2(r3, 0x402c542d, &(0x7f0000000100)={0xffffff8e, 0xfffffffc, 0x3, 0x0, 0x4, "0ac4247b3bf5f85f491e579fbc823a67c503c7", 0x8}) r7 = syz_open_dev$ndb(&(0x7f0000000040), 0x0, 0x200) landlock_create_ruleset(0x0, 0x0, 0x10000000000001) ioctl$NBD_SET_SOCK(r7, 0xab00, r5) ioctl$NBD_DO_IT(r6, 0xab03) ioctl$NBD_CLEAR_SOCK(r6, 0xab04) 2.382529012s ago: executing program 1 (id=596): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_CPUID2(r2, 0x4048aecb, &(0x7f0000000440)=ANY=[]) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) r3 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) r4 = socket$xdp(0x2c, 0x3, 0x0) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f0000000040)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000008c0)={&(0x7f0000000380)=ANY=[@ANYBLOB='@\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="1fe8ffff0000000000003b00000008000300", @ANYRES32=r7, @ANYBLOB="21003300d0800000080211000000080211000001505050505050000000000000", @ANYRES16=r4], 0x40}}, 0x0) r8 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_GET(r8, 0x0, 0x4800) r9 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r9, 0x8933, 0x0) sendmsg$NL80211_CMD_FRAME(r9, 0x0, 0x0) sendmsg$NL80211_CMD_TDLS_MGMT(r5, 0x0, 0x800) ptrace(0x10, r3) ptrace$getregset(0x4204, r3, 0x1, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) r10 = socket(0x1e, 0x1, 0x8df2) setsockopt$sock_void(r10, 0x1, 0x1b, 0x0, 0x0) 2.379857495s ago: executing program 3 (id=597): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r1 = socket$kcm(0x10, 0x3, 0x10) sendmsg$kcm(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000000)="140000002a000beb2800000000000000000f5ddf", 0x14}], 0x1}, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x10, &(0x7f0000000780)=ANY=[@ANYBLOB], &(0x7f0000000380)='syzkaller\x00', 0x8, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x3, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000240)={0x3, 0x4, 0x3, 0x6}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37, @void, @value}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8a}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) mount$9p_virtio(&(0x7f00000001c0), 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f0000000280)='./file0\x00') ioctl$AUTOFS_DEV_IOCTL_VERSION(0xffffffffffffffff, 0xc0189371, 0x0) r3 = syz_clone3(&(0x7f0000000680)={0xa000, &(0x7f00000000c0), &(0x7f0000000100), &(0x7f0000000200), {0x4}, &(0x7f00000002c0)=""/32, 0x20, &(0x7f0000000500)=""/136, &(0x7f0000000300)=[0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff], 0x4}, 0x58) ptrace$ARCH_GET_GS(0x1e, r3, 0x0, 0x1004) r4 = socket$alg(0x26, 0x5, 0x0) bind$alg(r4, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(aes-aesni)\x00'}, 0x58) openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000440), 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0xb989) preadv(0xffffffffffffffff, &(0x7f0000001880)=[{&(0x7f0000001a80)=""/102400, 0x19000}], 0x1, 0x0, 0x0) mmap(&(0x7f0000000000/0xa000)=nil, 0xa000, 0x2, 0x2172, 0xffffffffffffffff, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, 0x0, 0x0) mmap$xdp(&(0x7f0000800000/0x800000)=nil, 0x800000, 0xc, 0xa031, 0xffffffffffffffff, 0x0) madvise(&(0x7f00007fe000/0x800000)=nil, 0x800000, 0x19) mremap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x2000, 0x7, &(0x7f0000fff000/0x1000)=nil) fsopen(&(0x7f0000000140)='aio\x00', 0x0) io_uring_setup(0x22a1, &(0x7f0000000180)={0x0, 0x13b9, 0x2000, 0x20000002, 0x118}) socket$nl_route(0x10, 0x3, 0x0) 2.170389185s ago: executing program 1 (id=598): bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x1f, 0x7, 0xc, 0xffffffff, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) getpid() r0 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r0, 0x0, 0x0) ioctl$PPPIOCGCHAN(r0, 0x80047437, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r2 = dup(r1) write$6lowpan_enable(r2, &(0x7f0000000000)='0', 0xfffffd2c) openat$vim2m(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) r3 = socket(0x10, 0x2, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000000)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000080)=@newqdisc={0x60, 0x24, 0xd0f, 0x70bd2d, 0x0, {0x60, 0x0, 0x0, r5, {0x0, 0xa}, {0xffff, 0xffff}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x34, 0x2, [@TCA_TBF_PARMS={0x28, 0x1, {{0x4, 0x2, 0x0, 0x0, 0x7, 0x8}, {0x12, 0x3, 0x0, 0x401, 0x8001, 0x10400}, 0xa5, 0x10, 0x10000000}}, @TCA_TBF_BURST={0x8, 0x6, 0x8057}]}}]}, 0x60}}, 0x44080) r6 = socket(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000700)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000009c0)=@newqdisc={0x48, 0x24, 0xd0f, 0x0, 0x0, {0x60, 0x0, 0x0, r7, {}, {0x7, 0xa}}, [@qdisc_kind_options=@q_htb={{0x8}, {0x1c, 0x2, [@TCA_HTB_INIT={0x18, 0x2, {0x3, 0xf, 0xe75}}]}}]}, 0x48}}, 0x400c804) bind$inet6(0xffffffffffffffff, &(0x7f000047b000)={0xa, 0x4e20, 0x0, @loopback, 0xfffffffc}, 0x1c) listen(0xffffffffffffffff, 0x20000005) r8 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r8, &(0x7f0000000040)={0xa, 0x4e20, 0x6, @empty}, 0x1c) r9 = accept4(0xffffffffffffffff, 0x0, 0x0, 0x800) sendmmsg$inet6(r9, &(0x7f00000001c0)=[{{0x0, 0x9b4c, 0x0}}], 0x500, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000009c0)=@newlink={0x28, 0x10, 0xc362e63b3f31ba5f, 0x1000000, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x8ae9}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0) r10 = syz_io_uring_setup(0x23a, &(0x7f0000000300)={0x0, 0x200000, 0x10100, 0x1, 0x1e8}, &(0x7f0000000180)=0x0, &(0x7f00000001c0)=0x0) syz_io_uring_submit(r11, r12, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd=r2}) io_uring_enter(r10, 0x2def, 0x4000, 0x0, 0x0, 0x0) r13 = syz_open_dev$dri(0x0, 0x1, 0x0) readv(r13, &(0x7f0000000480)=[{&(0x7f0000000180)=""/19, 0x13}], 0x1) 2.012591571s ago: executing program 2 (id=599): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000440)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-serpent-avx\x00'}, 0x58) r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000400)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7fffffff}]}) r2 = openat$dma_heap(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$DMA_HEAP_IOCTL_ALLOC(r2, 0xc0184800, &(0x7f0000000100)={0x4, r1}) ioctl$DMA_BUF_SET_NAME_A(r3, 0x40046201, &(0x7f0000000040)='^-@\x00') ioctl$DMA_BUF_SET_NAME_A(r3, 0x40046201, &(0x7f0000000340)='\x00') mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz1\x00', 0x1ff) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r5 = open(&(0x7f00009e1000)='./file0\x00', 0x48141, 0x0) fcntl$setlease(r5, 0x400, 0x1) open(&(0x7f0000000300)='./file0\x00', 0xa801, 0x40) mount$9p_fd(0x0, &(0x7f0000000240)='./file0\x00', &(0x7f00000002c0), 0x80000, &(0x7f0000000600)={'trans=fd,', {}, 0x2c, {'wfdno', 0x3d, r2}, 0x2c, {[{@cache_none}, {@privport}], [{@fsname={'fsname', 0x3d, 'skcipher\x00'}}, {@uid_lt}]}}) r6 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r6, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000540)=ANY=[@ANYBLOB="3c00000010000546cf58379817e6d118b1fe03040000d3697b2300031f00675e9afdddcb3b9e75ffe1c68a9601f8074b2b71346b3708a713e3566e62ba6afa77f39efbb03c30373be73dcf96cb97a11c0000000024f9900d1c59de6223e2", @ANYRES32=0x0, @ANYBLOB="00000000000000001c0012800900010069706970000000000c00028006000f0004000000"], 0x3c}}, 0x0) fcntl$getflags(r5, 0x401) rseq(&(0x7f0000000040), 0x20, 0x0, 0x0) madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa) syz_clone3(&(0x7f0000001240)={0xa224400, 0x0, 0x0, 0x0, {0x17}, 0x0, 0x0, 0x0, 0x0}, 0x58) remap_file_pages(&(0x7f0000bda000/0x3000)=nil, 0x3000, 0x180000c, 0x5, 0x1a0000) r7 = openat$cgroup_procs(r4, &(0x7f0000000040)='cgroup.procs\x00', 0x2, 0x0) setsockopt$inet_dccp_buf(r3, 0x21, 0xf, &(0x7f0000000180)="5bf8f84bc633272a7c6c59aceb26c851f5d2ad4c7eea5f1cd57f0def3d706e606f3a8df2353b10d2592d265c0ceb9ce6ce4cb6b3b2bf3c6475b60dff9f58355362f912a369172f936366affb7527e9990836455db0282d098e36097d55cbc51f968f1bb911c2ab433a30ea5887", 0x6d) write$cgroup_pid(r7, &(0x7f0000000140), 0x12) 1.594787056s ago: executing program 0 (id=600): r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e21, @local}, 0x10) setsockopt$inet_tcp_int(r0, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4) connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000340)=[@window, @mss, @window, @timestamp, @sack_perm, @timestamp, @timestamp, @sack_perm], 0x2000000000000032) setsockopt$inet_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f00000001c0), 0x4) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=ANY=[@ANYBLOB="380000001800dd8d00000000000001000200000000000005000000000600350002000000"], 0x38}}, 0x0) sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000280)=ANY=[], 0x48}}, 0x11) ioctl$SECCOMP_IOCTL_NOTIF_ADDFD(0xffffffffffffffff, 0x40182103, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.numa_stat\x00', 0x275a, 0x0) socket$igmp(0x2, 0x3, 0x2) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6) r4 = getpid() sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x4) mkdirat(0xffffffffffffffff, 0x0, 0xa) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e) recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setaffinity(0x0, 0xfffffffffffffc33, &(0x7f0000000280)=0x2) r6 = syz_open_dev$vim2m(&(0x7f0000000180), 0x2, 0x2) openat(r3, 0x0, 0x400000, 0x2) ioctl$vim2m_VIDIOC_REQBUFS(r6, 0xc0145608, &(0x7f00000000c0)={0x1, 0x2, 0x1}) socket$nl_route(0x10, 0x3, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r7 = socket$netlink(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_NEWLINK(r7, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000001200)={&(0x7f0000000380)=ANY=[@ANYBLOB="380000000314010000000000000000000900020073797a31000000000800410072786500140033006970766c616e30000000000000000000c87b366c5ba36ec2e6d5f94d7140626ecc095a9fc8c710e82f0e002658102abd778fcf60925cac2231a46d65e30eb5e1ae91dddd34e1daa4b1d7a494beed631202b8e751fc18fcb4ca8035dcddae038a9c8c9e0ffa3171fc"], 0x38}, 0x1, 0x0, 0x0, 0x24000844}, 0x0) 1.171314265s ago: executing program 1 (id=601): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r1 = socket$kcm(0x10, 0x3, 0x10) sendmsg$kcm(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000000)="140000002a000beb2800000000000000000f5ddf", 0x14}], 0x1}, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x10, &(0x7f0000000780)=ANY=[@ANYBLOB], &(0x7f0000000380)='syzkaller\x00', 0x8, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x3, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000240)={0x3, 0x4, 0x3, 0x6}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37, @void, @value}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8a}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) mount$9p_virtio(&(0x7f00000001c0), 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f0000000280)='./file0\x00') ioctl$AUTOFS_DEV_IOCTL_VERSION(0xffffffffffffffff, 0xc0189371, 0x0) r3 = syz_clone3(&(0x7f0000000680)={0xa000, &(0x7f00000000c0), &(0x7f0000000100), &(0x7f0000000200), {0x4}, &(0x7f00000002c0)=""/32, 0x20, &(0x7f0000000500)=""/136, &(0x7f0000000300)=[0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff], 0x4}, 0x58) ptrace$ARCH_GET_GS(0x1e, r3, 0x0, 0x1004) r4 = socket$alg(0x26, 0x5, 0x0) bind$alg(r4, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(aes-aesni)\x00'}, 0x58) openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000440), 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0xb989) preadv(0xffffffffffffffff, &(0x7f0000001880)=[{&(0x7f0000001a80)=""/102400, 0x19000}], 0x1, 0x0, 0x0) mmap(&(0x7f0000000000/0xa000)=nil, 0xa000, 0x2, 0x2172, 0xffffffffffffffff, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, 0x0, 0x0) mmap$xdp(&(0x7f0000800000/0x800000)=nil, 0x800000, 0xc, 0xa031, 0xffffffffffffffff, 0x0) madvise(&(0x7f00007fe000/0x800000)=nil, 0x800000, 0x19) mremap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x2000, 0x7, &(0x7f0000fff000/0x1000)=nil) fsopen(&(0x7f0000000140)='aio\x00', 0x0) io_uring_setup(0x22a1, &(0x7f0000000180)={0x0, 0x13b9, 0x2000, 0x20000002, 0x118}) socket$nl_route(0x10, 0x3, 0x0) 1.152807708s ago: executing program 3 (id=602): bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000380)=@bpf_lsm={0x10, 0x3, &(0x7f00000000c0)=ANY=[@ANYBLOB="791048000000000069"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bind$alg(0xffffffffffffffff, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'ghash-generic\x00'}, 0x58) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000c00)=@newtaction={0x84, 0x30, 0x53b, 0x70bd2c, 0x0, {0x9}, [{0x70, 0x1, [@m_police={0x6c, 0x4, 0x0, 0x0, {{0xb}, {0x4}, {0x3d, 0x6, "acd08dcec4c38f2bc17ef517f8ee3046e9425e1f80a239d5661fbb9b7464b377cf04eee21bc42a54064f49a8f4e724b7c27dea280795ab509a"}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x0, 0x2}}}}]}]}, 0x84}, 0x1, 0x0, 0x0, 0x10}, 0x0) r0 = accept4(0xffffffffffffffff, 0x0, 0x0, 0x80800) socket$inet6_tcp(0xa, 0x1, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000b40)={0x18, 0x10, &(0x7f0000000400)=ANY=[@ANYBLOB], &(0x7f0000000080)='syzkaller\x00', 0x8, 0xac, &(0x7f0000000140)=""/172, 0x41000, 0x48, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37, @void, @value}, 0x94) ioctl$PTP_SYS_OFFSET(0xffffffffffffffff, 0x43403d05, &(0x7f00000002c0)={0xb}) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000040)=0x6) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) sched_setaffinity(0x0, 0x8, &(0x7f0000000740)=0x2) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = syz_open_dev$I2C(&(0x7f0000000040), 0x1, 0x0) ioctl$I2C_SMBUS(r3, 0x720, &(0x7f00000000c0)={0x1, 0x0, 0x1, &(0x7f0000000340)={0x0, "90f541a5e64f6190910d0000002b0592410aefd9cca7b2986eb5e50929e7cb8393"}}) sendmsg$IPSET_CMD_PROTOCOL(r0, &(0x7f00000006c0)={&(0x7f0000000600)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000680)={&(0x7f0000000640)={0x1c, 0x1, 0x6, 0x101, 0x0, 0x0, {0x0, 0x0, 0x2}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}, 0x1, 0x0, 0x0, 0x88800}, 0x30000000) sched_setaffinity(0x0, 0xfffffffffffffc33, &(0x7f0000000280)=0x2) mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x0) rmdir(&(0x7f00000001c0)='./cgroup/../file0\x00') r4 = syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x0) ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r4, 0xc01864c6, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}) ioctl$DRM_IOCTL_MODE_REVOKE_LEASE(r5, 0xc00464c9, &(0x7f0000000000)) 873.976289ms ago: executing program 2 (id=603): seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) mkdir(&(0x7f0000000080)='./file1\x00', 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000340), 0x0, &(0x7f0000000180)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) chdir(&(0x7f0000000140)='./bus\x00') splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x10000000000016, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='blkio.bfq.io_wait_time_recursive\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000000), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000140)=@ipv6_delroute={0x1c, 0x19, 0x1}, 0x1c}}, 0x0) 668.843013ms ago: executing program 0 (id=604): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x4050) (async) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) (async) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) setsockopt$RXRPC_SECURITY_KEYRING(0xffffffffffffffff, 0x110, 0x2, &(0x7f0000000140)='\')\x00', 0x3) (async) r0 = getpid() (async) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) (async) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x5}, 0x0) (async) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) (async) r1 = getpid() (async) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) (async) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) (async) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) (async) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) (async) sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2) (async) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) (async) r4 = socket$inet_dccp(0x2, 0x6, 0x0) setsockopt(r4, 0x800000010d, 0x2, 0x0, 0x0) (async) r5 = syz_io_uring_setup(0x4d1f, &(0x7f0000000380)={0x0, 0xea9d, 0x10, 0x1, 0x7e}, 0x0, 0x0) r6 = syz_io_uring_setup(0x10c, &(0x7f0000000300)={0x0, 0x6b9f, 0x40, 0x0, 0x4000289, 0x0, r5}, &(0x7f0000000280)=0x0, &(0x7f0000000180)=0x0) (async) syz_open_dev$dri(&(0x7f0000000000), 0x0, 0x1) syz_memcpy_off$IO_URING_METADATA_GENERIC(r7, 0x4, &(0x7f00000001c0)=0xfffffffc, 0x0, 0x4) (async) syz_io_uring_submit(r7, r8, &(0x7f00000002c0)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0}) io_uring_enter(r6, 0x47f9, 0x0, 0x0, 0x0, 0x0) (async) sendmsg$NFT_MSG_GETFLOWTABLE(0xffffffffffffffff, 0x0, 0x40000) ioctl$sock_SIOCGIFBR(r2, 0x8940, &(0x7f00000005c0)=@get={0x1, 0x0, 0xffff}) (async) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) (async) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) (async) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) 592.681118ms ago: executing program 0 (id=605): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000100)={0x26, 'skcipher\x00', 0x0, 0x0, 'cts(cbc(serpent))\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0x0) r1 = accept4(r0, 0x0, 0x0, 0x0) r2 = syz_open_dev$video4linux(&(0x7f0000000000), 0xfff, 0x0) ioctl$VIDIOC_SUBDEV_G_SELECTION(r2, 0xc040563d, &(0x7f0000000080)={0x1, 0x0, 0x2, 0x4, {0x4, 0xfffffffd, 0x2, 0x9}}) sendmsg$IPSET_CMD_ADD(r1, &(0x7f0000000180)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f00000000c0)={&(0x7f0000000200)={0x68, 0x9, 0x6, 0x201, 0x0, 0x0, {0xa, 0x0, 0x4}, [@IPSET_ATTR_ADT={0x3c, 0x8, 0x0, 0x1, [{0xc, 0x7, 0x0, 0x1, @IPSET_ATTR_CADT_FLAGS={0x8, 0x8, 0x1, 0x0, 0x20}}, {0x10, 0x7, 0x0, 0x1, @IPSET_ATTR_PACKETS={0xc, 0x19, 0x1, 0x0, 0x7fff}}, {0xc, 0x7, 0x0, 0x1, @IPSET_ATTR_SKBPRIO={0x8, 0x1c, 0x1, 0x0, 0xd}}, {0x10, 0x7, 0x0, 0x1, @IPSET_ATTR_SKBMARK={0xc, 0x1b, 0x1, 0x0, 0xfffffffffffffdae}}]}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x68}, 0x1, 0x0, 0x0, 0x10}, 0x24048800) sendmsg$kcm(r1, &(0x7f0000003880)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000400)="2155221233a743594c7d342b3861871338b7a4a026a8a93bbf4da427c71316f47079327637fa1e04870545da5de92f9898f587ff2fde176594acaa814e6a5fbca88d9886d7c661a92cfbc78729cb78f31f2846263ab2d979512f0069f9c47bf056304b2bf6e5e3638230e961eaf27b58e42fd1f724aa618456fdec6c0301fb29b6c15fdad43e8f238f32b337e1af818be4b7a52c889bba913d729165e981e01f3f531b575b1338b3682adbff36f7977b20e88211c4972c97d2bade3ffa7ed74fb4a61000e6478961c4d48d59b6560299e83e474ab05f1c25258c433850", 0xdd}, {&(0x7f0000000340)="606fd6a19638ec449d638759c54c7dc42d026662e9bf56976c4cddd8c12cdcd9df4a8abfe64a1f777d21c7c2e8a6c6e68e95538bb6a18b5d06d754ee063b053e553d73d2f9ffffff9720ff154f2d7653f247bef86a0a896f0602c05bba52a67562b9f006e9de5596faedb8df6532b4d4c6ddc202adaa2a08d882fe0eca79952ae84fda35", 0x84}], 0x2}, 0x40008000) syz_genetlink_get_family_id$nl80211(&(0x7f0000000300), r1) 592.37839ms ago: executing program 2 (id=606): mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000240)='numa_maps\x00') read$FUSE(r0, &(0x7f0000001100)={0x2020}, 0x204a) r1 = syz_usbip_server_init(0x1) read$msr(0xffffffffffffffff, &(0x7f0000000000)=""/112, 0x70) syz_usb_connect(0x0, 0x48, &(0x7f0000000180)=ANY=[@ANYBLOB="12010000d419f0510117be023adf010203010902cd0001008190000904da01005a2900050824060001cb99ec05240006000d240f010400000001670e000506241a0600191524120700a317a88b045e4f01a607c0ffcb7e392a7a2413e51457a91f51b08d6241bcddd59fc2b21c3896e9d70502a34650574c22db8f44528ea19cd97fc670d2844a942f1f97c3b36d8267cb8118640c3ac4bd79bcffa99e0958fd9521a77f620035f6e0a0ac384f351f693ab6f97b5de7abb213beb3de00fc61b7c9992d94ba684b6bd5fcd3631da82671998e436622af5b0e08000609a8073d"], 0x0) write$usbip_server(r1, &(0x7f0000000100)=ANY=[@ANYBLOB="00000003000000010000000000000001000000800000001000000088c7f4ece84ef82f37f60a7600000000070000000800000000000000000000000000000002000006be00000007000000040000000d0000010000000047253710c9afa75b0fc780000000000000000300000c72000000f5000000"], 0xb0) syz_io_uring_setup(0xa6, &(0x7f0000000480)={0x0, 0x0, 0x800, 0x4, 0x335}, &(0x7f0000000080)=0x0, &(0x7f00000001c0)=0x0) socket$inet_udp(0x2, 0x2, 0x0) mkdir(&(0x7f0000000080)='./file1\x00', 0x0) mount$fuse(0x0, 0x0, 0x0, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=']) mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400)) syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x4, 0x0, @fd_index=0x3, 0x7fffffffffffffff, 0x0}) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x3, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) ioprio_set$uid(0x3, 0x0, 0x0) r4 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000240)='smaps_rollup\x00') read$FUSE(r4, 0x0, 0x0) r5 = mmap$IORING_OFF_SQES(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x8, 0x2010, 0xffffffffffffffff, 0x10000000) r6 = socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000000)={'lo\x00', 0x0}) sendmsg$nl_route(r6, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000100)=@ipv6_newaddr={0x34, 0x14, 0x1, 0x0, 0x0, {0xa, 0x20, 0x0, 0x0, r8}, [@IFA_ADDRESS={0x14, 0x1, @mcast1}, @IFA_FLAGS={0x8, 0x8, 0x402}]}, 0x34}}, 0x0) r9 = syz_open_procfs(0x0, &(0x7f0000000380)='syscall\x00') read(r9, &(0x7f0000001180)=""/4096, 0x1000) syz_io_uring_submit(r2, r5, &(0x7f00000000c0)=@IORING_OP_EPOLL_CTL=@add={0x1d, 0x4, 0x0, r9, &(0x7f0000000080)={0x1}, r1, 0x1, 0x0, 0x1}) 139.524851ms ago: executing program 1 (id=607): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r1, &(0x7f0000003340)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f00000002c0)=[@rights={{0x10, 0x1, 0x1, [r0]}}], 0x10}}], 0x1, 0x7e7) (fail_nth: 3) 134.207599ms ago: executing program 3 (id=608): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000100000000000000040000850000006d00000095"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) (async, rerun: 32) mkdirat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x0) (rerun: 32) mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000040)='tracefs\x00', 0x0, 0x0) (async, rerun: 64) mount$tmpfs(0x0, &(0x7f0000000080)='./file0\x00', 0x0, 0x20020, &(0x7f0000000300)={[{}]}) (async, rerun: 64) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='kmem_cache_free\x00', r0}, 0x10) (async) r1 = socket$nl_route(0x10, 0x3, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) (async) mount(&(0x7f00000000c0)=@sr0, &(0x7f0000000100)='./file0\x00', &(0x7f00000001c0)='efs\x00', 0x0, 0x0) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="620af8ffa1dc0021bfa100000000000007010000f8ffffffb702000007000000bd120000000000008500000010000000b70000000000000095000000000000003faf4f2aa3d9b18ed812a2e2c49e8020a6f4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24561f1b2607995daa56f151905ea23c22624c9f87f9793f3bbb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64b751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07372c29184ff7f4a7c0000070000006056feb4cc664c0af9360a1f7a5e6b607130c89f18c0c1089d8b8588d72ec29c48b45e0000000000000401d01aa27ae8b09e00e79ab20b0b8ed8fb7a68000000000000000000006fa03c6468978089b302d7ff6023cdcedb5e0125ebbcebdde510cb2364149215108337719acd97cfa107d40224edc5465a932b77a74e802a0dc6bf25d8a242bc6099ad2300000480006ef6c1ff0900ff0000000010c63a949e8b7955394ffaff03000000000000ab87b1bfeda7be586602d985430cea080000000000000026abfb0767192361448279b05d96a703a660581eecdbf5bcd3de227a167ca17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c9b081d6a08000000ea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80af740b5b7632d5933a1c1fa5605bd7603f2ba2a790d62d6faec2fed44da4928b30142ba1fde5c5d50b83bae616b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0cb97fca585ec6bf58351d578be00d952aab9c71764b0a8a7583c90b3433b809bdb9fbd48bc877505ebf6c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223d8d9e86c5ea06d108d8f80a0eb4fa39f6b5c02e6d6d90756ff578f57000000009700cf0b4b8bc229413300000000000000000003000000000000000000000000001000000000559711e6e8fcffffffffffffffb2d02edc3e01dd271c896249ed85b980680b09000000000f0000169cdcacc413b48dafb7a2c8cb482bac0ac502d9ba96ffffffd897ef3b7cda42f93d53046da21b40216e14ba2d6af8656b01e17addaedab25b30002abbba7fa725f38400be7c1f001b2cd3170400000085be9e48dccf1f9f3282830689da6b53b263339863297771d74732d400003341bf4a00fc9fec2271ff01589646efd1cf870cd7bb2366fde4a594290c405ff870ce5dfd3467decb05cfd9fcb32c8ed1dbd9d30a64c108285e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78249788f11f761038b75d4fe32b561d46ea3abe0fa4d30dc94ef241875f3b4b6ab7929a57affe760e717a04becff0f719197724f4fce1093b62d7e8c7123d890cec55bf404e4e1f74b7eed82571be54c72d978cf906df08f11f1c4042e36acd37d7f9e109f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2acd1fe582786105c70600000000000000b7561301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c542c9062ece84c99a061887a20639b41c8c12ee86c50804042b3eac1f871b136345cf67ca3fb5aac518a75f9e7d7101da841735e186c489b3a06fb99e0347f23a054de2f4d92d6bd72ee2c9f0390a6f01e3e483b4ad05573af403269b4a39ce40293947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f91e358c3b377327ac9ecc34f24c9ae153ec60ac0694da85bff9f5f4df90400000000000000d6b2c5eaff07000000000000b99c9cc0ad1857216f000000009191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e669261192899d4562db0e22d564ae09bb6d163118e401e024fd452277c3887d6116c6cc9d8046c216c1f895778cb26e22a2a798de44aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99a3594191e104d417e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250df98674152f94e32409e2a3bce109b6000000000000a1fec9000000d694210d7560eb92d6a97a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137ab79a404abde7750898b59270b939b81367ac91bd627e87306703be8672d70d1ab57075228a9f46ed9bd1f00fb8191bbab2dc591dda61f0868afc4294859323e7a45319f18101288a0268893373750d1a8fe64680b0a3fc22dd704e4214de5946912d6c98cd1a9fbe1e7d58c08acaf30065b928a31d2eca55f74a23641f61f2d5b308cf01cfaed9ef0ce21d69993e9960ff5f76015e6009756237badf4e7965bbe2777e808fcba821a00e8c5c39609ff854356cb490000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66018d169fc03aa188546bb2e51935ab9067ec3ad2a182068e1e3a0e2505bc7f41019645466ac96e0d0b3bc19faa5449209b085f3c334b47f067bbab40743b2a428f1da1f626602111b40e761fd21081920382f14d12ca3c471c7868e7da7eaa69eb7f7f80572fdd11bb1d070080fbc22bf73468788df51710eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331ff5e20fa26b8471d9e1cc9eb3d541e407cc2dae5e690cd628ab84875f2c50ba830d3f474b079b407000000deff000040430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df902aeec50e71b967ce7daac4be290159f6bcd75f0dda9de5532e66ae9e48b0ed1254a81faae79b6af6fbb869604d51de44c4e0973171ad47d6c00ebc7603093f000000fdec743af930cd6db49a47613808bad959719c0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f15d6533f78a1f4e2df4ca23d867693fd42de9b49a1b36d48a44ba6a4530e59bec53e876dc660dd6d89f80a4377b1b1292a893a516dab183ee65744fb8fc4f9ce2242e0f000000000100000000d77480e0345effff6413258d1f6eb190aa28cbb4bafe3436b176c7ed4b132fb805d5edd9d188daf28d89c014c3ecca10ae55704544673e1fb03b84f63e022fe755f4007a4a899eaf52c4f491f1e97c862e29e4570600000091c691faee1e0c8fe056a07474e6e5490a7d3c3402000000b60600d837c6befc63ddf2f594ad7cbc56a1e44d218c956a5392a995f1fae8e9f206efbb33854dc70104d74dc07748f9745cb796da2dfb714a0500000000000000faed94fc39acfb3fd25dfa8116a154cd1226e1bb72b59fed817072a0da60160761fd3dffda0f7c592eabd8ab68334d2a1693cb187539049e331272bf5135044df8161400211b8012b6eb1ed5656e83f65509bb4b323c5bd61bff949d3bade2f6ffda1360c2786e16937ab61d6dcafed319c7167d0885f9c6d1f442954c167dd9b4acd9468ce3674c82bbb2e31389179b025dbe063b7f906217b2cf8410c7023aa3e5cc3ba1000000000000000000000000000000006ae6301a2da44394275c582a6516bb92ea1980a0a659f2f1811c8b281c209647c4241f292b20508b215dde27bb2487a6e2b5e4a8ccfab90c23827ef06cbe364073005f8a6d1456aaeb85ffb7858f24eced67a67ab825e863928ed64c83f62ffdaa997657335b63c6b4163aff094059e626766845fd779c9e6cdbbd64c2499ce3ffe2fef03f7cdd0d90f3a7579579a142c0f7b318264d5c13c31cf475829528267ead38523cab7e1664e8426cfce471fef821c8a02a7e7d954d05b68a9c28f79429b09e2bb3681ae2b831e27c735123361c193d66ed4d71f19b199d371ec6bfada7cd370e3fdd3cd980fa1e145fd3f3e96b1feb53c865e1ada08f5d16ed652ee0c7f45352222692fbd679212c225d097aa90f7e1fb1f983415f43e75a19ecf7fd21bfa150ef563aa72ba3c43c5f3d9be128ec26b691f31f9cab931631606a81622f120675c962be2d3b5e95f74f0b209e42e6bdd76e6e725295b1d78d928f6f63e4581d5cc41cbde2ba66adc1168070c8c6e18a6a234f5f9311ef0f78924b68dbb4712efdb6974667bdb54f16fd2061b9ba93638dd177227e94e4ebd0ec1d437db948062bf41742000000000000000000305f70dd02fa0c61d5fe6d8ff35389246037e18d34c1375ae04f44f0c2543c772c5ccb137be7dc1874c514b37c668554d77d4ea5ed144a648257f4a0301067bbcd9b91072659d872f26b796e2b81025edb5f45f785e2c2602b248ecdd80f019ca659be7e8ae953325a27564f33c9d458a60be3dab38baab7eb1a66ab1ffd6308f7fd51beb356fe75eb985b7581bb5584c53984ba9c3340f97e8d3825681c53de5f554e595b00000000000000006a8fa9f05d64c4be42f981f00051a39938613067dbd1427e01bfec016e51844cefa8a855bf23ac887b4a88eed6d9443857242f28e31a41d20105fbf3394ff910e734b4d9101265ff729c426e01c1ab13dda8c388b909006f19eecb87e39175e85e17000000000000000000009431807e43886903526074e6b40244c938a4c68a38c25ddd7c143b3f1400010000ec66815cf8d1f56aa1424bc9b5d58790298e5b310969e50c222563b54e60854e1b0100448aca8c5ccbf5546ce4c3cd5a733fec25fb94e1e0f966bcbd28a4d8fe4f556eaa1104a793006619700798354c6ae05025040965e3083562bfa20968c04007d21dc02c9fd1f75e1ff40f439bdde4e784012e52049b483d02f81b88f5f57816b3fecec79cfca8d37203e769759d6b6a56b7605ced8ee18475a77ff0963a565fb6021d216c01b1098e40550a1cfd80e918d685a7b099a4f8ed654cd76ca61fe5ad8a31ec558fdbfa706d5e738bceae81fe777c307d5bc72183a4c2d35732ab916a781b9912160a3fd2a2e74dd690c57bdfdc1f069f949170ef8cb9c13c12138116bca7a8c59363799be7005c51bc25a8bbe2cf5ddf6aa161693782b0e7feb8a768f391b49d4c978c96dbb52f21c122eba9f17c8bed10591958cf06321a248b5f76ceedfe0d080d6aeadc11b237b3326dd04b86ac37c0d131544888db9e128d059761ad9a393e96c3b41c13c5a381bff187a75de560ba6eb3faa5ff8d2bb3c88f8de5efc2fb2200cfda6d07ceae22577064334fbf76a23e62e6059211d995b879f6b7d3f7fcf03652b81e6b7cdeff947ad185d3c6269ca247b429c3b872a8f1ef60407d29a874f4ec31c9effed55543a65a6b4d778cebcd43b7905f3960140bd783540a7353014bda8e9c7a34a5f428fd1f8eb11e837dd9d586487fdebcb1ecd3a003ff0fda4be617fecf1ff0ef2c74664d60a4b9423f3297bc8eb91b4ee1d73272abbef3e7a828a7d7ab055a8eb58fe379de85338304e26e3620941b463e9049fd105c74c91cc4d71b0f76e2c2e4825106aa7ce2a3adbbc7a0443ece58e752b47e6f677eff7c5c568a89d6e36b165c39132a0f27080ece2a94c320b002c77f82662675a7713c7067081cac15994698c41ff4754268ae1676384ff799783f55d7e5a1a0920300000000000000d98440c355927629f2bcf9dc405a18ca0264400abf38e90000000000000000008faf2cddffbfa69bf32eb718e88ec75603ed7c7a8825ce0f27a114bd7a4ab74d0c7b8d90ccc1c3ca6620def782e24d75aed70eb676437f62677a69e0994cd82d72e95493c830fe9515329f40b7025326dec33a527c5d999298eaa3690fd0d38a02fc6e0bc16dbe19f353027edc014411e1138087221492f5d5e5cc9d0a1acd3f581eda9a807aa0e609f935f626d96351e0ff116686cbeb8939feecd5dac8cf45101942cc7cec21b7f337df5431bcf7e504b7c427f70a10e1cb8993a661306a0576b638a0171e6800b5b35589d676eb30ed1a72e8f7b057eb281c4504195635b6b285ebaba019913a2520e43ed790231f047f7d3789c10ae7d724929f77aec1d33d9587580268ee14396f71e7ef588cb2560d6bd0795a9b97281229eb16de086553469fad7214ffc3e416f8b8e442dce1d37f9b1c88a5d8a8d9f2fe45bd8df213ecb4194c8554aea13cadcd502e51f6fec80418e772b5bd8d0228949058038b185909ee542848680f9ad43f4057d676d5e21ae3d7e0e4a28c04f112a94707f032b35915e42993ff148291b8babe026646ee41905992db217561b90811c4702a14f312fe5d2ae7257db6be1034cc1c346b76a853ce274bf0435e18f7e86c660c18c80f30505dd4cf2ae2a1893b83c62d61bfeadc1f913e4cab2b897e096dd3fe3525090410cb23bab36cdf200a36014032cf6e5121803c5a0c4a273a19f340163fc6265425d513a1294b8439276394945d94a589708e32a1cb30f1fa4b2f08e01dc5e8c6732e6dc59b5c8cb400000000000000592c9b68f09c8f5ddb20b4ae08b4d9df548e5ed6cd47b91a4bea8b6aa52edf64576aef1e43f2958437fdc20fbbd0d4e13d8cce1193b2f9b4f107e25af178d056e1b1e40bd75b013f7484fae0bc447b1ffaf34819fe3ad1a634c94345e26e1e68dec08723a37b05d1594a66a4718a51d4d67fc880c9d640f4eacc509873f1a103c87f69"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x41) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r2}, 0x10) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) (async) pipe2$9p(&(0x7f0000001900)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r4, &(0x7f00000002c0)=ANY=[@ANYBLOB="1500000065ffff018000000800395032303030"], 0x15) (async) r5 = dup(r4) write$FUSE_NOTIFY_RETRIEVE(r5, &(0x7f00000000c0)={0x14c}, 0x137) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/file0\x00', &(0x7f0000000040), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r5}, 0x2c, {[], [], 0x6b}}) (async) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r6, &(0x7f0000000000)={0x0, 0x11, &(0x7f0000000040)={&(0x7f0000000280)={0x80, 0x0, 0x1, 0x401, 0x11, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @empty}, {0x8, 0x2, @loopback}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_STATUS={0x8, 0x3, 0x1, 0x0, 0x100e}, @CTA_SEQ_ADJ_REPLY={0x14, 0xf, 0x0, 0x1, [@CTA_SEQADJ_CORRECTION_POS={0x5}, @CTA_SEQADJ_OFFSET_BEFORE={0xe6ba7615268e7f7}]}]}, 0x80}}, 0x0) (async) sendmsg$nl_route(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000480)=ANY=[@ANYBLOB="500000001800010000000000000000001d01000008000e00", @ANYRES32, @ANYBLOB='\b\x00\n\x00', @ANYRES32, @ANYBLOB="1500010000000000000000007721f5438b20ffdf0300000008000900", @ANYBLOB="04"], 0x50}}, 0x0) (async, rerun: 32) socket$inet6_tcp(0xa, 0x1, 0x0) (async, rerun: 32) linkat(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0) r7 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="9feb010018000000000000000cf3ff000c00000002000000000000000000000d000000000000"], 0x0, 0x26, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x28) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000a00)={0x11, 0x3, &(0x7f0000000100)=@framed={{0x18, 0x0, 0x0, 0x11}}, &(0x7f0000000000)='syzkaller\x00', 0x1, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, r7, 0xc, &(0x7f00000000c0)={0x2, 0x1}, 0x8, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) 50.038592ms ago: executing program 3 (id=609): syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x27) r0 = fsopen(&(0x7f0000000000)='cgroup2\x00', 0x0) fsconfig$FSCONFIG_SET_BINARY(r0, 0x6, 0x0, 0x0, 0x0) r1 = fsmount(r0, 0x0, 0x0) r2 = openat$cgroup_subtree(r1, &(0x7f0000000100), 0x2, 0x0) write$cgroup_subtree(r2, &(0x7f0000000040)={[{0x2d, 'cpu'}]}, 0x5) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r3, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000000000000000000400000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) ioperm(0x8, 0xa, 0x3) umount2(0x0, 0x0) sendmsg$NFT_BATCH(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a64000000060a0b0400000000000000000200000038000480340001800b000100746172676574000024000280090001004d41524b000000000c00030002b51112d439c59208000240000000020900010073797a30000000000900020073797a320000000014000000110001"], 0x8c}}, 0x0) 49.019995ms ago: executing program 1 (id=610): r0 = socket$nl_route(0x10, 0x3, 0x0) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) (async) set_mempolicy(0x4000, 0x0, 0xfffffdc5) sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)=@deltfilter={0x24, 0x2d, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {0x0, 0xfff3}, {0x7}, {0xa}}}, 0x24}, 0x1, 0x0, 0x0, 0x4000005}, 0x20040804) 2.663148ms ago: executing program 1 (id=611): pipe2$9p(&(0x7f00000001c0), 0x0) socket(0x10, 0x803, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x13, &(0x7f0000000240)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020696c250000000000206ea37b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000020000838500000071000000180100002020752500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000500000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r0}, 0x10) socket$can_j1939(0x1d, 0x2, 0x7) r1 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$KDGKBDIACR(r1, 0x4bfa, &(0x7f0000000180)=""/255) socket$tipc(0x1e, 0x2, 0x0) socket$tipc(0x1e, 0x2, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='blkio.bfq.io_serviced_recursive\x00', 0x275a, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0}) io_uring_enter(0xffffffffffffffff, 0x2d3e, 0xea37, 0x0, 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f0000003480)=[{&(0x7f0000000140)="03", 0x1}, {&(0x7f00000034c0)="50bdc2efb8d0fecba7b9f07a11d112390f893112a87c4a10d97d6bd1cab082d5766613a937e7a6767af05b68c4338a3c306fec8bb9b83d8f28a04683cbd386d1d8e427b02d3ff427a0569c1682e4dcc4aa4757a01f0ec405b764df476ddc99387f04b96c82a87b3945b849965bf6320d38c85cbe36014658c0df25ec9415a444d6be387de48cac69f15b6b1d45c0f8e62b54f0ca13368cae0645969feb781db89a70463e42d3197672063faab45c46b5c3e621282991cdde50f9af1a12760812b23b29dd4fffe2a0cb4474e9fafd8f2083280a3be1f0a57329a984d2ef5e62186ac555a55e8a273c0834f2da14f0b8b6242a12cc1af203bc142cef6c0048d3e56fcb85e0deef0fa9f3c18f9a7c04caae4d57d3d4b139660a533aa9e25045e93e1be2261e166c6b7ac7855446fb863c0e6ef7c8137202ee7c52450c78c89d8a7aa278b5511e9b769209ac0747084b9c553150d8a6f060153252b4c5fe69a0ab271f85b7400358206e9d220b0065b3f94657afb4bf982e641cbe07c8f3e92b17e7e2c49174fd3bd89719d465f6de1708e1e25ad6185203cd51b939d485865504efc571ecc5915767c3b0dbd097e80c38532d7a322e48fab7a6811816d6247a644864248d635bd61b46ab09bfcebf86e06c08fb112d072365afa6bf1292f540586e16bc640f031c740a04bf61df1aa00b99ff99a49c73d5dffd1523c6d5c2d028ce3577110f15447cd87914a5534f45d9e69a8e51bfdf343f70c7c4a5ccbc62b4ad632d48f93a38361907ed686b76cda7ed98df7f04d881712280db912133fbbcef41e918e6cda8a1b25da503721e13bad3dee199f9357260c4aa7ebe23ec5c13ed13f33f9176ef2cbdec432fd6d07cdabbb051985fbd4d69f9eb09f3d6b1e78870ac6a59eba73fa5df0d1a708d2673684856cf504a2d3bcb0038605831c965e8e0c6090a0457462a6ea7564f57696219af371c120cd4565d1e278f233d738245b758e6e6b4d7c434fc5ecaaf72cc57889d10c1e2c465a12fdb25d0f653e464cab62a4179f5bab38c560a12dd5852ed2684c30787774690cb7b4f9b5f4c573759a60946d7e6708d4c520354cd7b310986ecb5569f3ba1e322ccd2282fb8ca57588b21c46ca0bfc1d50bb43cada0ca6c8337d66e348c6eeb6829eadfab60c38bbf58cad9e611b3ed84dd8f00be795673b5a611ebb1e11a54b533d9d064b5df4d1203bbf1f82a9f63c178e9441b538539193b28b70a6045e6c8f1cbddf97ff79525801bb9bbf59ed76fafcc29c8317f3f50ef5cedf5f767747ecbee95bbf7251a92382ab1ee0ac10c206ee6a4cdd4ac3fa8607c66ba19309fb0fb646c787d226d55b9f8158a3835ee5d1565f5c4fb41339088f06cc89c670da67fe33ce1f20327bd989de43e6a62a135e0ff3d3949b08bc6d46aec46ad100059cbf987054690de9764ad56dcecf5afcd19cfad537b571f324858908b86213b7420e12733cd6a192bf1f69651ea1043b9fb12bc29ced691f7ee3eaac4618732f173c424707bcac7cea3e023da9af43a7e6c465feab01f246adaf8d573e5aa578af8b36ffdd39c1d48787739bae6582b63cb7755a9ddca85a0614994d793b8f023a0ad28b5e2172a06d59ddd646e8e8de0022902f6016d60019c4ec2a753d41ddc47303d4b490c116083eb19dc36e0805b4b748f47189d288db04be485cceb5a0656e0466877526b6395bc9053cd0d703127eb912964c052442535d2d03b89cd4e1a63ceefaf043509416f79dc7507c0f84dbe881bee0d73b4e40c062d953ab2eb631bca3d71aa08bc903953cc0cb71b04b11123f5ac9ce03501c7c706130808bba16f2ccc7b0b7a5da5ca9e48e46d08f04be516249298198cf8487e3361abf2071f9d41974e9ecde5db520960eea20028ab27517b7a8ea820209107a79da17bb2c4fd11da3a4b7f71c211517c7c2c823efa85ffc100286a987a81fd266f3df86704af9a227b06f93d6ab9a220f9572591e2628233691ec5cbd04220143bdcf6b7cae2d562b98c2db8cb7534d4774159fb6b47efb7a2bcc2b8726f9dfbf68b96b3341cd9452765af2c48a2430f242facd2ef9bfb99edb16ba68c4cc7f098b4d561fc04e51121fae6d25fdff1c86e13f97c1b432c006eef5424662f657143ea858ce7e3797f40089facdf96fa10eea15a20d107e89eeab1526939f6f46cfdac6717691d8aa01819f1992d1652ff3b02661e209633270dae9b024e11933ab0f11487d488c60927ba56b12add87e89503e1d2075cd68b48da65a150c798b671effccb21332c980b59250cce776df49d4d6e958172508d325a7dc7ca539dd89db8a0a22022b9cd2b1a545c8e10d3e836b2f7f379c1d868f90dfde77c157d03a72c49985607d2fdfe31ec68acf31dba08755a63fe2acc8682ddf707b1a1e81a7fb1cc51aedb44c354bf053a2fac29845322ef612b89c5b70fac061075dd7ad7c715534d801850deb118b7414369b0357e2694d88bfffae67e82fc82202286459c8cef40ad588f750c7f50d8107f0c9c51c345d101772b921d69954ff8c41bc6fc49a8b101176f60f15515e726c94ac27a6ddd8f03fb47ef616b5d17cf00e78d8909518082ef86e32c42b8dd72c8ee084171ea61465ca3b4169b6e3abd300a1c2247ee45eed29948355096f6dba394a56d8df4addd4529d834ec8f27d4957d81fca5091004ad3ecc98acb72392689b8145a5a9ec8736464c6544a64ca40c44359429b91690bb592707c6f3d93a85766ca6a754f5bfa8824d8ca6510df9b39abb5c84281f61100507d2014eba19031e654601f0c7d7ae9c45ebbe587fbc2dd299c14c8af310c5ac41be08ea71ca18fe732eeca736af024bbafc77e38883647dec1275de5fba6161b463ac3bc8f855f7e086f6875b889d0f3132ce37c247ad7a0227e77779eddabc52f8cc95def23cd340f6a91c984cfdb15d115dfba134edb9e3764fcfda94e80c69ea473dbdf6c0c856a182856cc4aeeff4d380671e0dd73931f2c7fdd145c0dce4bdb5484ed1b840f9be7d68c04dd67184fa88bad0edd0109251d5a55ecb67e641f22685bc3e2694b98463c329a738d54c7a34af063425a24b73592d7d744d3f6e06bbf6d0292cf5d93876fcc1726746a1016c6743a0d33ce85ba2737628eb408ea6b2b31f8467a83808cb19aa91b19d37614fc9180db6dcbb1ee7a410e9907bc85f401ae68f9016084bb83f03b5e92ea54fbbf06687471ca59f7785fe3d82004aebe9df8f7ba11f86616dd8dc8987e7e3916bb3ec6ae16f769252473636cd6064f03709676e7131ce251649a203b392cbfeffdd0bbc6c139b564af69cb09ddb6375c99f3f0ae52237090b285bd98ece8bebe6ca5ee07d0665e290c333c55324fc742359779e19748af53798ff487053fa4d53054012ec7e3d42662f6ad7bd3662d90f70e09937928aff2f64a859125747ad503d55bd25b41ec2d5e346182d1c018e331222ce222de4bd5dbb73da1802550a75f6b4003448182126bbea930cb07bf2986243e73578aa754f4f50bc51c4757a35d988b402e9a4dd11db1e58d07d36e418725b80a9382261c8d32b4630dce00d068cbff3d3c5aa3205cfcfbe0e11356b42942becfdb3c24df46d45a6c0cf8cf13df6d943165c7b0b8a8c3aed8f8eb9e5e025ccf08847b67883191fe4d3134c2248b6c694410af31aaf0a5a68aff450d4e871a723badf4187fd80a69efc57d8da595123a388d135ace86be3bc3b43413726afc2b3d75e8c5b6aeb4cd0d58456cbace5a125181b9b726db185d904c24bc6e232f77ce52d75e65fff7b67891a48c0d5b1a4cd531a09dacf09f990657b418fea0d3416857c55a14842a8f40822ef82f6521ffa075420abbb2e0034b7fcc00b52c3c76c412d06968ae608c10490aa03ac684f13f8c7ca7f1aae1ab8a293b79bfff217ae49bb6d08a13b83572d1df86a941ea78123f4ab7c8e454879869ee29b03d6b6ebe9adfd202ec6413705b012a1d38635fe29e50f64c06b9531e64e763ea45c7b41eb4e644625341eeb8ac6ef09aff93283cc43659d1c9303b05f9b728c3d2f4656aa4956ac59b3bf449654440bc54ff8ee3f607fb90dfbbe289e4643c1bae9cdc4c20f33a285c5f56aa31ed4aceb1319a4234ef1dfa3a022193039758ed414541256e641b1bc0fb5396bd0c14ba3eeee638f8083bfdcfbaf1842ed90115f14bb89f08b2415022ae3885ff167285949eeb21ceb5fe5657b07fc19049712db6df0386e924a5843ba777187b149141093d5b3eb7e706dc5f4bec6f86769ba748c0287a682c7fae4c3072d0fe94007d855b03d62687d43ebe754b0732fac2c7cb7edcaaf07b108380220607cdca95892b8d7ea3401cf24dc185a4de780a217a92ae350be9bfe0d67d54bec1aeaa3ab04166e6b77d35a5fb41127e7f55bc8ac172c117d2a902c7622448cef69c0aa087c0b7adbbceea42d7148da338c40a97818fd231a1c557b4b7b2972ce55cbc086a0f03bf5a202ad742652a27ef82b3780b7942ce3203d1bbd2ebfb284f95d04b5d2b703a1ebdac774f9c285f62c7d5cbe459ba8951d4901f1bc1778642ebca5a9bc4a12a943d1088140839aac701ac8e96382b7445a25380c80e5e61ecba1288dd71cfdc610a946c9d1b14cdc8170cf43f87c9308540a04b809c9947b33d3782c46080fbae16065cf6c415b48e040273f6b185a56a1af5d9603dd546da85089b39d43ac1a3b792b150d6c36b9b709c68594dc5cd362b1a27e9cb1f41fcfb26c373936d85d3de8fb1b592519183a98590be5d95ede92844e14532a66324253750dcfc9c97bacf7c89f2fdb5b399898cdb1a59bba0c622b3f27248c9dd0686a3373bac161d26fdcad4fcfe80cc81976aa22bd61777e686d930dd6ef65dab2666ee0bc8389cd6f69dcdd33d51832858440f24dab3d4be966b4ae053bd0e55077e307fc72e4929f0999ed8cf153df74f65ba57b5b0eb972c76bf9b4395209c38b157cfeab38f3b3dc82d330467a538dc7bed276508a3c9f4d14a0f0c021150188e96af4cb7c16f6fea4574d8fe9ef95bcc1c8be02004cf41e1b1b356c9f3b641f41ca1c5a9e357052865327a14be1c6c560c1e666b35e0f79d27403bf8821199d6e418d90f5616a758d106ed420866a28f527aeaabe8aa751f88ef00d109788a85d4dc9abd2c5484cf8db17dad0e9fa3c383914fcd9b3bcb4cf1d4f6c3dc3b6db84b506560fe9b88ea8f614ee3ca48271a236941a3e3d7bc76e6527ba1d0e973e52c37c0a48f8211371aa7b41673835111b8007a479e5951b8109efb000a95efca7847e3c15fef6f2e2bf28e1f8be8a7ee92be22fff243b18229611a60da95bd07185174ab0d97af9685c35a9dc54b738b2681f7da3632a349417001467b76e4bf67e84fb4ae8415520cca492abfbdc7581abf0eaf8fa72b4433f00e3ad33f18778d8402330bcf29eda662ddeb07043e55fc565c9cab9fd5ab5090a6bfc7019d34646a8043154879d50ee72c9cf3267e36e1f8d6a126530ae6e0aa377282b8b2231bfbb2add9102d497019eabee71fd57159ea9128c12ed87b811366d7c8046913f168d82a52a2ce8c9dd8a8526f5cd7d6119916229729b5b0c44a8090e0c57efa8db6d6c787b2576e3c78a40d257a6f049389cdbe9da7d7028c5d5e273a98cab1eea4ad12026dc5dbab0e44ae998412cae4d2038497729351a064cc6b16029bdf2a3ed43016f01e868f17f1d6e271f06f22ee68fc818470d063e4b9a848ebb25186feba84a13cd0711c7ed1846ec3caf3d4329c14634", 0x1000}], 0x2) ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, &(0x7f0000000300)) 0s ago: executing program 3 (id=612): socket$packet(0x11, 0x3, 0x300) (async) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000b00)={0x3, 0xc, &(0x7f0000000c40)=ANY=[@ANYBLOB="18020000000000000000000000000000180100002020642500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000008500000006000000850000002300000095"], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r0, 0x0, 0xe, 0x0, &(0x7f0000000100)="e0b9547ed387dbe9abc89b6f5bec", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) (async) r1 = socket$packet(0x11, 0x3, 0x300) (async) r2 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000040)={'ip6gretap0\x00', 0x0}) sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)=ANY=[@ANYBLOB="6800000010000100"/20, @ANYRES32=r3, @ANYBLOB="0000000000000000480012800e0001006970366772657461700000003400028008000100", @ANYRES32, @ANYBLOB="14000600fe800000000000000000000000000015140007"], 0x68}}, 0x0) (async, rerun: 32) sendto$packet(r1, &(0x7f0000000180)="a6bea8a120e5f8320c30ce5086dda5e986f34c10d8c39c3002de8ec445ae083a4b7fc08a086fc691", 0x28, 0x0, &(0x7f0000000140)={0x11, 0x0, r3, 0x1, 0x0, 0x6, @local}, 0x14) (async, rerun: 32) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x83d, 0x0, &(0x7f0000000040)=0x40) r4 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r4, 0x0, 0x40, &(0x7f00000009c0)=@mangle={'mangle\x00', 0x44, 0x6, 0x4b4, 0x128, 0x94, 0x0, 0x324, 0x1e0, 0x420, 0x420, 0x420, 0x420, 0x420, 0x6, 0x0, {[{{@ip={@initdev={0xac, 0x1e, 0x0, 0x0}, @local, 0x0, 0x0, 'geneve1\x00', 'ip6gre0\x00', {}, {}, 0x6, 0x0, 0x40}, 0x0, 0x70, 0x94}, @ECN={0x24, 'ECN\x00', 0x0, {0x20, 0xfd}}}, {{@uncond, 0x0, 0x70, 0x94}, @TTL={0x24}}, {{@uncond, 0x0, 0x94, 0xb8, 0x0, {}, [@inet=@rpfilter={{0x24}}]}, @TTL={0x24}}, {{@uncond, 0x0, 0xe4, 0x144, 0x0, {}, [@inet=@rpfilter={{0x24}}, @common=@osf={{0x50}, {'syz0\x00'}}]}, @common=@SET={0x60, 'SET\x00', 0x0, {{}, {0x0, [0x0, 0x0, 0x2]}}}}, {{@ip={@broadcast, @multicast2, 0x0, 0x0, 'lo\x00', 'macvtap0\x00'}, 0x0, 0x9c, 0xfc, 0x0, {}, [@common=@inet=@udplite={{0x2c}}]}, @common=@SET={0x60, 'SET\x00', 0x0, {{0x0, [0x0, 0x0, 0x0, 0x1]}}}}], {{'\x00', 0x0, 0x70, 0x94}, {0x24}}}}, 0x510) (async) gettid() mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2000001, 0x4008031, 0xffffffffffffffff, 0x0) (async, rerun: 32) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) (async, rerun: 32) setgroups(0x0, 0x0) kernel console output (not intermixed with test programs): ive [ 46.148600][ T5952] bridge0: port 1(bridge_slave_0) entered blocking state [ 46.150802][ T5952] bridge0: port 1(bridge_slave_0) entered disabled state [ 46.152979][ T5952] bridge_slave_0: entered allmulticast mode [ 46.155530][ T5952] bridge_slave_0: entered promiscuous mode [ 46.158880][ T5956] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 46.162877][ T5959] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 46.187944][ T5952] bridge0: port 2(bridge_slave_1) entered blocking state [ 46.190195][ T5952] bridge0: port 2(bridge_slave_1) entered disabled state [ 46.192400][ T5952] bridge_slave_1: entered allmulticast mode [ 46.194963][ T5952] bridge_slave_1: entered promiscuous mode [ 46.206921][ T5956] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 46.219263][ T5959] team0: Port device team_slave_0 added [ 46.240337][ T5952] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 46.253443][ T5956] team0: Port device team_slave_0 added [ 46.256375][ T5959] team0: Port device team_slave_1 added [ 46.269545][ T5952] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 46.273076][ T5956] team0: Port device team_slave_1 added [ 46.288863][ T5948] hsr_slave_0: entered promiscuous mode [ 46.291054][ T5948] hsr_slave_1: entered promiscuous mode [ 46.327069][ T5959] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 46.329752][ T5959] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 46.339280][ T5959] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 46.362924][ T5956] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 46.365262][ T5956] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 46.374606][ T5956] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 46.380205][ T5959] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 46.382399][ T5959] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 46.390307][ T5959] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 46.397790][ T5952] team0: Port device team_slave_0 added [ 46.408329][ T5956] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 46.411093][ T5956] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 46.421366][ T5956] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 46.431266][ T5952] team0: Port device team_slave_1 added [ 46.463593][ T5952] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 46.466415][ T5952] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 46.476147][ T5952] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 46.508046][ T5952] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 46.510114][ T5952] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 46.517690][ T5952] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 46.533413][ T5956] hsr_slave_0: entered promiscuous mode [ 46.535425][ T5956] hsr_slave_1: entered promiscuous mode [ 46.537306][ T5956] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 46.539592][ T5956] Cannot create hsr debugfs directory [ 46.545786][ T5959] hsr_slave_0: entered promiscuous mode [ 46.547934][ T5959] hsr_slave_1: entered promiscuous mode [ 46.549821][ T5959] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 46.552047][ T5959] Cannot create hsr debugfs directory [ 46.638199][ T5952] hsr_slave_0: entered promiscuous mode [ 46.641179][ T5952] hsr_slave_1: entered promiscuous mode [ 46.644066][ T5952] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 46.647582][ T5952] Cannot create hsr debugfs directory [ 46.829825][ T5948] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 46.837385][ T5948] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 46.843514][ T5948] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 46.858483][ T5948] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 46.876427][ T5959] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 46.882327][ T5959] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 46.888944][ T5959] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 46.899194][ T5959] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 46.919603][ T5952] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 46.924875][ T5952] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 46.932244][ T5952] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 46.938776][ T5952] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 46.977737][ T5956] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 46.983562][ T5956] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 46.996528][ T5956] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 47.001896][ T5956] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 47.039562][ T5948] 8021q: adding VLAN 0 to HW filter on device bond0 [ 47.058461][ T5948] 8021q: adding VLAN 0 to HW filter on device team0 [ 47.069730][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 47.072690][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 47.079044][ T5959] 8021q: adding VLAN 0 to HW filter on device bond0 [ 47.089897][ T1135] bridge0: port 2(bridge_slave_1) entered blocking state [ 47.092075][ T1135] bridge0: port 2(bridge_slave_1) entered forwarding state [ 47.104394][ T5959] 8021q: adding VLAN 0 to HW filter on device team0 [ 47.117308][ T75] bridge0: port 1(bridge_slave_0) entered blocking state [ 47.119540][ T75] bridge0: port 1(bridge_slave_0) entered forwarding state [ 47.127775][ T5952] 8021q: adding VLAN 0 to HW filter on device bond0 [ 47.136888][ T1167] bridge0: port 2(bridge_slave_1) entered blocking state [ 47.139117][ T1167] bridge0: port 2(bridge_slave_1) entered forwarding state [ 47.162931][ T5952] 8021q: adding VLAN 0 to HW filter on device team0 [ 47.169902][ T5956] 8021q: adding VLAN 0 to HW filter on device bond0 [ 47.185575][ T1143] bridge0: port 1(bridge_slave_0) entered blocking state [ 47.187449][ T1143] bridge0: port 1(bridge_slave_0) entered forwarding state [ 47.195643][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 47.198087][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 47.202562][ T5956] 8021q: adding VLAN 0 to HW filter on device team0 [ 47.212184][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 47.214657][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 47.228943][ T1135] bridge0: port 2(bridge_slave_1) entered blocking state [ 47.231045][ T1135] bridge0: port 2(bridge_slave_1) entered forwarding state [ 47.251660][ T5952] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 47.274905][ T5959] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 47.306808][ T5959] veth0_vlan: entered promiscuous mode [ 47.312060][ T5959] veth1_vlan: entered promiscuous mode [ 47.324285][ T5948] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 47.337756][ T5959] veth0_macvtap: entered promiscuous mode [ 47.348614][ T5959] veth1_macvtap: entered promiscuous mode [ 47.368478][ T5959] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 47.372189][ T5952] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 47.375010][ T5948] veth0_vlan: entered promiscuous mode [ 47.380440][ T5959] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 47.384681][ T5959] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 47.388359][ T5959] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 47.390879][ T5959] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 47.393480][ T5959] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 47.402875][ T5956] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 47.417186][ T5948] veth1_vlan: entered promiscuous mode [ 47.449330][ T5948] veth0_macvtap: entered promiscuous mode [ 47.453673][ T5952] veth0_vlan: entered promiscuous mode [ 47.458233][ T5956] veth0_vlan: entered promiscuous mode [ 47.471196][ T5948] veth1_macvtap: entered promiscuous mode [ 47.479334][ T5952] veth1_vlan: entered promiscuous mode [ 47.482908][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 47.486044][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 47.487421][ T5948] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 47.491443][ T5948] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 47.494841][ T5948] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 47.501517][ T5956] veth1_vlan: entered promiscuous mode [ 47.509809][ T5948] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 47.513036][ T5948] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 47.517472][ T5950] Bluetooth: hci2: command tx timeout [ 47.518163][ T5948] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 47.519358][ T5950] Bluetooth: hci1: command tx timeout [ 47.524188][ T5965] Bluetooth: hci3: command tx timeout [ 47.524629][ T5950] Bluetooth: hci0: command tx timeout [ 47.541836][ T5952] veth0_macvtap: entered promiscuous mode [ 47.546277][ T5948] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 47.549441][ T5948] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 47.552559][ T5948] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 47.554895][ T5948] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 47.559525][ T1135] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 47.562513][ T1135] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 47.571794][ T5956] veth0_macvtap: entered promiscuous mode [ 47.577147][ T5952] veth1_macvtap: entered promiscuous mode [ 47.583291][ T5956] veth1_macvtap: entered promiscuous mode [ 47.590954][ T5952] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 47.594908][ T5952] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 47.599593][ T5952] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 47.603928][ T5952] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 47.608796][ T5952] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 47.624344][ T5956] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 47.627806][ T5956] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 47.630613][ T5956] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 47.633622][ T5956] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 47.636716][ T5956] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 47.639980][ T5956] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 47.644335][ T5956] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 47.650625][ T5956] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 47.653914][ T5956] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 47.656153][ T5959] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 47.657128][ T5956] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 47.666124][ T5956] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 47.669521][ T5956] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 47.672915][ T5952] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 47.678045][ T5952] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 47.681262][ T5952] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 47.684663][ T5952] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 47.688238][ T5952] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 47.691229][ T5952] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 47.695007][ T5952] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 47.706226][ T5956] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 47.709422][ T5956] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 47.712770][ T5956] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 47.715984][ T5956] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 47.725010][ T5952] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 47.730138][ T5952] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 47.732717][ T5952] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 47.740477][ T5952] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 47.792169][ T1143] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 47.794439][ T1143] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 47.816019][ T1167] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 47.818347][ T1167] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 47.818574][ T1143] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 47.824937][ T1143] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 47.844276][ T1167] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 47.850216][ T1167] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 47.855742][ T6014] sch_tbf: burst 32855 is lower than device lo mtu (65550) ! [ 47.881104][ T75] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 47.881700][ T1143] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 47.885253][ T75] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 47.889523][ T1143] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 48.006452][ T0] NOHZ tick-stop error: local softirq work is pending, handler #140!!! [ 48.009837][ T0] NOHZ tick-stop error: local softirq work is pending, handler #140!!! [ 48.313585][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 48.759400][ T6030] sch_tbf: burst 32855 is lower than device lo mtu (65550) ! [ 49.429060][ T6045] sch_tbf: burst 32855 is lower than device lo mtu (65550) ! [ 49.596044][ T5950] Bluetooth: hci0: command tx timeout [ 49.596102][ T67] Bluetooth: hci3: command tx timeout [ 49.597848][ T5950] Bluetooth: hci1: command tx timeout [ 49.599428][ T5965] Bluetooth: hci2: command tx timeout [ 49.746805][ T6054] sch_tbf: burst 32855 is lower than device lo mtu (65550) ! [ 49.783229][ T6055] sch_tbf: burst 32855 is lower than device lo mtu (65550) ! [ 50.249870][ T6062] sch_tbf: burst 32855 is lower than device lo mtu (65550) ! [ 50.395384][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 50.697735][ T6067] sch_tbf: burst 32855 is lower than device lo mtu (65550) ! [ 51.131065][ T6073] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 51.147864][ T6071] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 51.164736][ T6073] syz.2.16 uses obsolete (PF_INET,SOCK_PACKET) [ 51.667705][ T6081] sch_tbf: burst 32855 is lower than device lo mtu (65550) ! [ 51.675345][ T5950] Bluetooth: hci2: command tx timeout [ 51.675875][ T5954] Bluetooth: hci1: command tx timeout [ 51.677466][ T5950] Bluetooth: hci0: command tx timeout [ 51.680965][ T67] Bluetooth: hci3: command tx timeout [ 52.575328][ T6071] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 52.591791][ T6090] sch_tbf: burst 32855 is lower than device lo mtu (65550) ! [ 52.629354][ T6071] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 52.686169][ T6071] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 52.777343][ T6071] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 52.782312][ T6071] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 52.787265][ T6071] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 52.794525][ T6071] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 52.845425][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 53.075834][ T6099] sch_tbf: burst 32855 is lower than device lo mtu (65550) ! [ 53.115529][ T0] NOHZ tick-stop error: local softirq work is pending, handler #48!!! [ 53.127832][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 53.130896][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 53.755302][ T5965] Bluetooth: hci3: command tx timeout [ 53.755412][ T67] Bluetooth: hci1: command tx timeout [ 53.765318][ T67] Bluetooth: hci0: command tx timeout [ 53.765381][ T5965] Bluetooth: hci2: command tx timeout [ 54.398118][ T6115] netlink: 'syz.0.28': attribute type 1 has an invalid length. [ 54.400808][ T6115] netlink: 'syz.0.28': attribute type 10 has an invalid length. [ 54.403654][ T6115] netlink: 236 bytes leftover after parsing attributes in process `syz.0.28'. [ 55.252873][ T6132] sch_tbf: burst 32855 is lower than device lo mtu (65550) ! [ 55.388707][ T6134] sch_tbf: burst 32855 is lower than device lo mtu (65550) ! [ 55.445231][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 55.482034][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 55.506373][ T6140] sch_tbf: burst 32855 is lower than device lo mtu (65550) ! [ 55.964240][ T6144] netlink: 20 bytes leftover after parsing attributes in process `syz.2.37'. [ 56.102664][ T6145] infiniband syz1: set down [ 56.106637][ T6145] infiniband syz1: added ipvlan0 [ 56.388219][ T6145] RDS/IB: syz1: added [ 56.390443][ T6145] smc: adding ib device syz1 with port count 1 [ 56.392366][ T6145] smc: ib device syz1 port 1 has pnetid [ 56.425462][ T6157] FAULT_INJECTION: forcing a failure. [ 56.425462][ T6157] name failslab, interval 1, probability 0, space 0, times 1 [ 56.429221][ T6157] CPU: 1 UID: 0 PID: 6157 Comm: syz.1.38 Not tainted 6.14.0-rc1-syzkaller-00081-gbb066fe812d6 #0 [ 56.429246][ T6157] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 56.429252][ T6157] Call Trace: [ 56.429256][ T6157] [ 56.429261][ T6157] dump_stack_lvl+0x16c/0x1f0 [ 56.429281][ T6157] should_fail_ex+0x50a/0x650 [ 56.429292][ T6157] ? fs_reclaim_acquire+0xae/0x150 [ 56.429308][ T6157] ? dma_buf_dynamic_attach+0x65c/0xa40 [ 56.429322][ T6157] should_failslab+0xc2/0x120 [ 56.429334][ T6157] __kmalloc_cache_noprof+0x68/0x420 [ 56.429354][ T6157] ? __pfx___mutex_lock+0x10/0x10 [ 56.429372][ T6157] dma_buf_dynamic_attach+0x65c/0xa40 [ 56.429387][ T6157] drm_gem_prime_import_dev+0xb4/0x440 [ 56.429403][ T6157] drm_gem_prime_fd_to_handle+0x443/0x590 [ 56.429419][ T6157] drm_prime_fd_to_handle_ioctl+0xd6/0x110 [ 56.429434][ T6157] drm_ioctl_kernel+0x1e6/0x3d0 [ 56.429445][ T6157] ? __pfx_drm_prime_fd_to_handle_ioctl+0x10/0x10 [ 56.429459][ T6157] ? __might_fault+0xe3/0x190 [ 56.429471][ T6157] ? __pfx_drm_ioctl_kernel+0x10/0x10 [ 56.429481][ T6157] ? __might_fault+0xe3/0x190 [ 56.429495][ T6157] ? __pfx_drm_prime_fd_to_handle_ioctl+0x10/0x10 [ 56.429510][ T6157] drm_ioctl+0x57e/0xba0 [ 56.429523][ T6157] ? __pfx_drm_ioctl+0x10/0x10 [ 56.429543][ T6157] drm_compat_ioctl+0x327/0x460 [ 56.429557][ T6157] ? __pfx_drm_compat_ioctl+0x10/0x10 [ 56.429571][ T6157] __do_compat_sys_ioctl+0x1cb/0x2c0 [ 56.429586][ T6157] __do_fast_syscall_32+0x73/0x120 [ 56.429596][ T6157] do_fast_syscall_32+0x32/0x80 [ 56.429604][ T6157] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 56.429619][ T6157] RIP: 0023:0xf7f40579 [ 56.429627][ T6157] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 56.429635][ T6157] RSP: 002b:00000000f502455c EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 56.429644][ T6157] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 00000000c00c642e [ 56.429650][ T6157] RDX: 0000000080000800 RSI: 0000000000000000 RDI: 0000000000000000 [ 56.429655][ T6157] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 56.429660][ T6157] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 56.429665][ T6157] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 56.429676][ T6157] [ 57.391881][ T6175] sch_tbf: burst 32855 is lower than device lo mtu (65550) ! [ 57.794366][ T6184] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 57.809394][ T6185] sch_tbf: burst 32855 is lower than device lo mtu (65550) ! [ 58.671435][ T6204] netlink: 4 bytes leftover after parsing attributes in process `syz.3.57'. [ 58.945805][ T6215] ieee802154 phy0 wpan0: encryption failed: -22 [ 59.201608][ T6232] sch_tbf: burst 32855 is lower than device lo mtu (65550) ! [ 59.633061][ T5965] Bluetooth: hci1: ACL packet for unknown connection handle 0 [ 59.739278][ T6243] sch_tbf: burst 32855 is lower than device lo mtu (65550) ! [ 59.749644][ T6245] FAULT_INJECTION: forcing a failure. [ 59.749644][ T6245] name failslab, interval 1, probability 0, space 0, times 0 [ 59.753377][ T6245] CPU: 3 UID: 0 PID: 6245 Comm: syz.3.70 Not tainted 6.14.0-rc1-syzkaller-00081-gbb066fe812d6 #0 [ 59.753390][ T6245] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 59.753395][ T6245] Call Trace: [ 59.753399][ T6245] [ 59.753403][ T6245] dump_stack_lvl+0x16c/0x1f0 [ 59.753421][ T6245] should_fail_ex+0x50a/0x650 [ 59.753433][ T6245] ? fs_reclaim_acquire+0xae/0x150 [ 59.753462][ T6245] ? p9_fid_create+0x41/0x260 [ 59.753475][ T6245] should_failslab+0xc2/0x120 [ 59.753487][ T6245] __kmalloc_cache_noprof+0x68/0x420 [ 59.753497][ T6245] ? __pfx_v9fs_fid_find_inode+0x10/0x10 [ 59.753510][ T6245] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 59.753526][ T6245] p9_fid_create+0x41/0x260 [ 59.753540][ T6245] p9_client_attach+0x92/0x2b0 [ 59.753550][ T6245] ? __pfx_p9_client_attach+0x10/0x10 [ 59.753558][ T6245] ? __pfx_filename_lookup+0x10/0x10 [ 59.753568][ T6245] ? make_vfsuid+0xf1/0x140 [ 59.753582][ T6245] v9fs_fid_lookup+0x97d/0xec0 [ 59.753596][ T6245] ? common_perm_cond+0x242/0x560 [ 59.753607][ T6245] v9fs_vfs_getattr_dotl+0x12e/0x430 [ 59.753620][ T6245] ? __pfx_v9fs_vfs_getattr_dotl+0x10/0x10 [ 59.753632][ T6245] vfs_getattr_nosec+0x2ae/0x370 [ 59.753645][ T6245] vfs_statx_path+0x52/0x310 [ 59.753658][ T6245] vfs_statx+0x11f/0x1c0 [ 59.753670][ T6245] ? __pfx_vfs_statx+0x10/0x10 [ 59.753682][ T6245] ? getname_flags.part.0+0x1c5/0x550 [ 59.753697][ T6245] __do_compat_sys_newlstat+0xb1/0x140 [ 59.753714][ T6245] ? __pfx___do_compat_sys_newlstat+0x10/0x10 [ 59.753733][ T6245] ? __pfx_ksys_write+0x10/0x10 [ 59.753744][ T6245] ? syscall_enter_from_user_mode_prepare+0x68/0xe0 [ 59.753760][ T6245] __do_fast_syscall_32+0x73/0x120 [ 59.753770][ T6245] do_fast_syscall_32+0x32/0x80 [ 59.753778][ T6245] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 59.753794][ T6245] RIP: 0023:0xf7fb4579 [ 59.753802][ T6245] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 59.753811][ T6245] RSP: 002b:00000000f50d655c EFLAGS: 00000296 ORIG_RAX: 000000000000006b [ 59.753820][ T6245] RAX: ffffffffffffffda RBX: 00000000800000c0 RCX: 0000000080000100 [ 59.753825][ T6245] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 59.753830][ T6245] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 59.753835][ T6245] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 59.753840][ T6245] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 59.753850][ T6245] [ 59.830065][ C3] vkms_vblank_simulate: vblank timer overrun [ 60.175320][ T834] usb 7-1: new high-speed USB device number 2 using dummy_hcd [ 60.346319][ T834] usb 7-1: too many configurations: 9, using maximum allowed: 8 [ 60.350017][ T834] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 60.354074][ T834] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 60.357679][ T834] usb 7-1: config 0 interface 0 has no altsetting 0 [ 60.361708][ T834] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 60.364321][ T834] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 60.371310][ T834] usb 7-1: config 0 interface 0 has no altsetting 0 [ 60.374870][ T834] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 60.377679][ T834] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 60.381021][ T834] usb 7-1: config 0 interface 0 has no altsetting 0 [ 60.383749][ T834] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 60.388889][ T834] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 60.393703][ T834] usb 7-1: config 0 interface 0 has no altsetting 0 [ 60.400955][ T834] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 60.404083][ T834] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 60.410655][ T834] usb 7-1: config 0 interface 0 has no altsetting 0 [ 60.414436][ T834] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 60.417547][ T834] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 60.420796][ T834] usb 7-1: config 0 interface 0 has no altsetting 0 [ 60.423490][ T834] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 60.428348][ T834] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 60.432862][ T834] usb 7-1: config 0 interface 0 has no altsetting 0 [ 60.436137][ T834] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 60.438865][ T834] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 60.442333][ T834] usb 7-1: config 0 interface 0 has no altsetting 0 [ 60.450882][ T834] usb 7-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e [ 60.454675][ T834] usb 7-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168 [ 60.458139][ T834] usb 7-1: Product: syz [ 60.460056][ T834] usb 7-1: Manufacturer: syz [ 60.462080][ T834] usb 7-1: SerialNumber: syz [ 60.469923][ T834] usb 7-1: config 0 descriptor?? [ 60.505581][ T834] yurex 7-1:0.0: USB YUREX device now attached to Yurex #0 [ 60.695828][ T834] usb 7-1: USB disconnect, device number 2 [ 60.702638][ T834] yurex 7-1:0.0: USB YUREX #0 now disconnected [ 60.937696][ T6268] netlink: 56 bytes leftover after parsing attributes in process `syz.3.77'. [ 61.180135][ T6290] sch_tbf: burst 32855 is lower than device lo mtu (65550) ! [ 61.275604][ T6291] netlink: 12 bytes leftover after parsing attributes in process `syz.0.83'. [ 61.279519][ T6291] netlink: 4 bytes leftover after parsing attributes in process `syz.0.83'. [ 61.306409][ T6292] netlink: 12 bytes leftover after parsing attributes in process `syz.3.85'. [ 61.541011][ T6294] ubi31: attaching mtd0 [ 61.543489][ T6294] FAULT_INJECTION: forcing a failure. [ 61.543489][ T6294] name failslab, interval 1, probability 0, space 0, times 0 [ 61.547925][ T6294] CPU: 2 UID: 0 PID: 6294 Comm: syz.1.86 Not tainted 6.14.0-rc1-syzkaller-00081-gbb066fe812d6 #0 [ 61.547939][ T6294] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 61.547944][ T6294] Call Trace: [ 61.547948][ T6294] [ 61.547952][ T6294] dump_stack_lvl+0x16c/0x1f0 [ 61.547971][ T6294] should_fail_ex+0x50a/0x650 [ 61.547983][ T6294] ? fs_reclaim_acquire+0xae/0x150 [ 61.547999][ T6294] should_failslab+0xc2/0x120 [ 61.548011][ T6294] __kmalloc_node_noprof+0xd1/0x520 [ 61.548023][ T6294] ? __vmalloc_node_range_noprof+0x3d8/0x1530 [ 61.548035][ T6294] __vmalloc_node_range_noprof+0x3d8/0x1530 [ 61.548044][ T6294] ? __pfx__printk+0x10/0x10 [ 61.548059][ T6294] ? ubi_attach_mtd_dev+0x1543/0x3590 [ 61.548072][ T6294] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 61.548082][ T6294] ? lockdep_init_map_type+0x16d/0x7d0 [ 61.548095][ T6294] ? lockdep_init_map_type+0x16d/0x7d0 [ 61.548108][ T6294] ? ubi_attach_mtd_dev+0x1543/0x3590 [ 61.548117][ T6294] vmalloc_noprof+0x6b/0x90 [ 61.548126][ T6294] ? ubi_attach_mtd_dev+0x1543/0x3590 [ 61.548138][ T6294] ubi_attach_mtd_dev+0x1543/0x3590 [ 61.548152][ T6294] ? __pfx_ubi_attach_mtd_dev+0x10/0x10 [ 61.548161][ T6294] ? __pfx_get_mtd_device+0x10/0x10 [ 61.548176][ T6294] ctrl_cdev_ioctl+0x339/0x3d0 [ 61.548185][ T6294] ? __pfx_ctrl_cdev_ioctl+0x10/0x10 [ 61.548195][ T6294] ? __fget_files+0x206/0x3a0 [ 61.548207][ T6294] ? __pfx_ctrl_cdev_ioctl+0x10/0x10 [ 61.548215][ T6294] compat_ptr_ioctl+0x6b/0xa0 [ 61.548229][ T6294] ? __pfx_compat_ptr_ioctl+0x10/0x10 [ 61.548241][ T6294] __do_compat_sys_ioctl+0x1cb/0x2c0 [ 61.548256][ T6294] __do_fast_syscall_32+0x73/0x120 [ 61.548266][ T6294] do_fast_syscall_32+0x32/0x80 [ 61.548275][ T6294] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 61.548290][ T6294] RIP: 0023:0xf7f40579 [ 61.548297][ T6294] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 61.548305][ T6294] RSP: 002b:00000000f506655c EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 61.548314][ T6294] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000040186f40 [ 61.548320][ T6294] RDX: 0000000080000440 RSI: 0000000000000000 RDI: 0000000000000000 [ 61.548324][ T6294] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 61.548329][ T6294] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 61.548334][ T6294] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 61.548344][ T6294] [ 61.548452][ T6294] syz.1.86: vmalloc error: size 4096, failed to allocated page array size 8, mode:0xcc2(GFP_KERNEL|__GFP_HIGHMEM), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 61.642915][ T6294] CPU: 3 UID: 0 PID: 6294 Comm: syz.1.86 Not tainted 6.14.0-rc1-syzkaller-00081-gbb066fe812d6 #0 [ 61.642935][ T6294] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 61.642946][ T6294] Call Trace: [ 61.642951][ T6294] [ 61.642958][ T6294] dump_stack_lvl+0x16c/0x1f0 [ 61.642994][ T6294] warn_alloc+0x24d/0x3a0 [ 61.643015][ T6294] ? __pfx_warn_alloc+0x10/0x10 [ 61.643033][ T6294] ? dump_stack_lvl+0x185/0x1f0 [ 61.643056][ T6294] ? lockdep_hardirqs_on+0x7c/0x110 [ 61.643085][ T6294] ? rcu_is_watching+0x12/0xc0 [ 61.643110][ T6294] ? trace_kmalloc+0x2d/0xd0 [ 61.643132][ T6294] ? __kmalloc_node_noprof+0x23d/0x520 [ 61.643158][ T6294] __vmalloc_node_range_noprof+0x1102/0x1530 [ 61.643174][ T6294] ? __pfx__printk+0x10/0x10 [ 61.643200][ T6294] ? ubi_attach_mtd_dev+0x1543/0x3590 [ 61.643222][ T6294] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 61.643238][ T6294] ? lockdep_init_map_type+0x16d/0x7d0 [ 61.643260][ T6294] ? lockdep_init_map_type+0x16d/0x7d0 [ 61.643281][ T6294] ? ubi_attach_mtd_dev+0x1543/0x3590 [ 61.643295][ T6294] vmalloc_noprof+0x6b/0x90 [ 61.643309][ T6294] ? ubi_attach_mtd_dev+0x1543/0x3590 [ 61.643318][ T6294] ubi_attach_mtd_dev+0x1543/0x3590 [ 61.643332][ T6294] ? __pfx_ubi_attach_mtd_dev+0x10/0x10 [ 61.643341][ T6294] ? __pfx_get_mtd_device+0x10/0x10 [ 61.643356][ T6294] ctrl_cdev_ioctl+0x339/0x3d0 [ 61.643365][ T6294] ? __pfx_ctrl_cdev_ioctl+0x10/0x10 [ 61.643375][ T6294] ? __fget_files+0x206/0x3a0 [ 61.643387][ T6294] ? __pfx_ctrl_cdev_ioctl+0x10/0x10 [ 61.643396][ T6294] compat_ptr_ioctl+0x6b/0xa0 [ 61.643409][ T6294] ? __pfx_compat_ptr_ioctl+0x10/0x10 [ 61.643421][ T6294] __do_compat_sys_ioctl+0x1cb/0x2c0 [ 61.643437][ T6294] __do_fast_syscall_32+0x73/0x120 [ 61.643446][ T6294] do_fast_syscall_32+0x32/0x80 [ 61.643455][ T6294] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 61.643470][ T6294] RIP: 0023:0xf7f40579 [ 61.643479][ T6294] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 61.643487][ T6294] RSP: 002b:00000000f506655c EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 61.643496][ T6294] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000040186f40 [ 61.643501][ T6294] RDX: 0000000080000440 RSI: 0000000000000000 RDI: 0000000000000000 [ 61.643506][ T6294] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 61.643511][ T6294] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 61.643515][ T6294] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 61.643526][ T6294] [ 61.643529][ T6294] Mem-Info: [ 61.729027][ T6294] active_anon:11384 inactive_anon:0 isolated_anon:0 [ 61.729027][ T6294] active_file:1420 inactive_file:38161 isolated_file:0 [ 61.729027][ T6294] unevictable:1768 dirty:334 writeback:0 [ 61.729027][ T6294] slab_reclaimable:9990 slab_unreclaimable:55997 [ 61.729027][ T6294] mapped:29644 shmem:8210 pagetables:819 [ 61.729027][ T6294] sec_pagetables:300 bounce:0 [ 61.729027][ T6294] kernel_misc_reclaimable:0 [ 61.729027][ T6294] free:61355 free_pcp:1273 free_cma:0 [ 61.744312][ T6294] Node 0 active_anon:2484kB inactive_anon:0kB active_file:120kB inactive_file:14392kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:5280kB dirty:16kB writeback:0kB shmem:4164kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:9104kB pagetables:576kB sec_pagetables:1128kB all_unreclaimable? yes [ 61.753363][ T6294] Node 1 active_anon:43052kB inactive_anon:0kB active_file:5560kB inactive_file:138252kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:113296kB dirty:1320kB writeback:0kB shmem:28676kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:2948kB pagetables:2700kB sec_pagetables:72kB all_unreclaimable? no [ 61.765914][ T6294] Node 0 DMA free:2972kB boost:2048kB min:2808kB low:2996kB high:3184kB reserved_highatomic:0KB active_anon:76kB inactive_anon:0kB active_file:0kB inactive_file:256kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:376kB local_pcp:160kB free_cma:0kB [ 61.777595][ T6294] lowmem_reserve[]: 0 297 0 0 0 [ 61.779604][ T6294] Node 0 DMA32 free:27116kB boost:8192kB min:21864kB low:25280kB high:28696kB reserved_highatomic:4096KB active_anon:2408kB inactive_anon:0kB active_file:120kB inactive_file:14136kB unevictable:3536kB writepending:16kB present:1032196kB managed:305044kB mlocked:0kB bounce:0kB free_pcp:1216kB local_pcp:964kB free_cma:0kB [ 61.791482][ T6294] lowmem_reserve[]: 0 0 0 0 0 [ 61.793452][ T6294] Node 1 DMA32 free:215820kB boost:0kB min:47144kB low:58928kB high:70712kB reserved_highatomic:0KB active_anon:43052kB inactive_anon:0kB active_file:5560kB inactive_file:138252kB unevictable:3536kB writepending:1320kB present:1048432kB managed:948252kB mlocked:0kB bounce:0kB free_pcp:3568kB local_pcp:548kB free_cma:0kB [ 61.802262][ T6294] lowmem_reserve[]: 0 0 0 0 0 [ 61.803886][ T6294] Node 0 DMA: 99*4kB (UM) 52*8kB (UM) 33*16kB (U) 35*32kB (UM) 8*64kB (UM) 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 2972kB [ 61.808806][ T6294] Node 0 DMA32: 599*4kB (UMH) 134*8kB (UMEH) 38*16kB (UMEH) 218*32kB (UMEH) 86*64kB (UMH) 30*128kB (UMEH) 10*256kB (UMEH) 4*512kB (U) 2*1024kB (EH) 0*2048kB 0*4096kB = 27052kB [ 61.815970][ T6294] Node 1 DMA32: 40*4kB (UME) 50*8kB (UME) 27*16kB (UME) 25*32kB (UME) 19*64kB (UME) 11*128kB (ME) 1*256kB (M) 9*512kB (UM) 9*1024kB (ME) 3*2048kB (ME) 47*4096kB (M) = 217152kB [ 61.823011][ T6294] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 61.827065][ T6294] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 61.831254][ T6294] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 61.834184][ T6294] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 61.838737][ T6294] 47791 total pagecache pages [ 61.840160][ T6294] 0 pages in swap cache [ 61.841376][ T6294] Free swap = 124996kB [ 61.842637][ T6294] Total swap = 124996kB [ 61.843899][ T6294] 524155 pages RAM [ 61.845044][ T6294] 0 pages HighMem/MovableOnly [ 61.847145][ T6294] 206991 pages reserved [ 61.848298][ T6294] 0 pages cma reserved [ 61.897161][ T6301] block device autoloading is deprecated and will be removed. [ 62.119075][ T6314] sch_tbf: burst 32855 is lower than device lo mtu (65550) ! [ 62.375473][ T834] usb 7-1: new high-speed USB device number 3 using dummy_hcd [ 62.533049][ T6321] sch_tbf: burst 32855 is lower than device lo mtu (65550) ! [ 62.595169][ T834] usb 7-1: Using ep0 maxpacket: 32 [ 62.599388][ T834] usb 7-1: config 32 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 62.602879][ T834] usb 7-1: config 32 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 62.606223][ T834] usb 7-1: config 32 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5 [ 62.609919][ T834] usb 7-1: New USB device found, idVendor=0458, idProduct=5011, bcdDevice= 0.00 [ 62.612515][ T834] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 62.896593][ T6323] netlink: 20 bytes leftover after parsing attributes in process `syz.1.97'. [ 62.972769][ T6324] rdma_rxe: rxe_newlink: failed to add ipvlan0 [ 63.246989][ T834] usbhid 7-1:32.0: can't add hid device: -71 [ 63.249506][ T834] usbhid 7-1:32.0: probe with driver usbhid failed with error -71 [ 63.255020][ T834] usb 7-1: USB disconnect, device number 3 [ 63.697170][ T6337] MTD: Couldn't look up 'À': -2 [ 63.802471][ T6339] ======================================================= [ 63.802471][ T6339] WARNING: The mand mount option has been deprecated and [ 63.802471][ T6339] and is ignored by this kernel. Remove the mand [ 63.802471][ T6339] option from the mount to silence this warning. [ 63.802471][ T6339] ======================================================= [ 63.862286][ T6341] 9pnet_virtio: no channels available for device syz [ 64.076269][ T6349] netlink: 28 bytes leftover after parsing attributes in process `syz.2.107'. [ 64.131666][ T6360] mmap: syz.2.107 (6360) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 64.137516][ T6360] netlink: 12 bytes leftover after parsing attributes in process `syz.2.107'. [ 64.153073][ T6360] netlink: 12 bytes leftover after parsing attributes in process `syz.2.107'. [ 64.156988][ T6362] sch_tbf: burst 32855 is lower than device lo mtu (65550) ! [ 64.326370][ T5965] Bluetooth: hci3: Controller not accepting commands anymore: ncmd = 0 [ 64.328852][ T5965] Bluetooth: hci3: Injecting HCI hardware error event [ 64.331979][ T67] Bluetooth: hci3: hardware error 0x00 [ 64.731389][ T6370] sch_tbf: burst 32855 is lower than device lo mtu (65550) ! [ 65.635841][ T6392] sch_tbf: burst 32855 is lower than device lo mtu (65550) ! [ 66.171103][ T6413] Bluetooth: MGMT ver 1.23 [ 66.395307][ T67] Bluetooth: hci3: Opcode 0x0c03 failed: -110 [ 66.510925][ T6420] FAULT_INJECTION: forcing a failure. [ 66.510925][ T6420] name failslab, interval 1, probability 0, space 0, times 0 [ 66.514980][ T6420] CPU: 2 UID: 0 PID: 6420 Comm: syz.0.130 Not tainted 6.14.0-rc1-syzkaller-00081-gbb066fe812d6 #0 [ 66.514999][ T6420] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 66.515009][ T6420] Call Trace: [ 66.515014][ T6420] [ 66.515020][ T6420] dump_stack_lvl+0x16c/0x1f0 [ 66.515047][ T6420] should_fail_ex+0x50a/0x650 [ 66.515079][ T6420] ? fs_reclaim_acquire+0xae/0x150 [ 66.515105][ T6420] should_failslab+0xc2/0x120 [ 66.515124][ T6420] kmem_cache_alloc_node_noprof+0x72/0x3b0 [ 66.515143][ T6420] ? __alloc_skb+0x2b3/0x380 [ 66.515157][ T6420] __alloc_skb+0x2b3/0x380 [ 66.515172][ T6420] ? __pfx___alloc_skb+0x10/0x10 [ 66.515187][ T6420] ? lock_acquire+0x2f/0xb0 [ 66.515210][ T6420] netlink_alloc_large_skb+0x69/0x130 [ 66.515233][ T6420] netlink_sendmsg+0x689/0xd70 [ 66.515252][ T6420] ? __pfx_netlink_sendmsg+0x10/0x10 [ 66.515281][ T6420] ____sys_sendmsg+0x9ae/0xb40 [ 66.515303][ T6420] ? __pfx_____sys_sendmsg+0x10/0x10 [ 66.515322][ T6420] ? get_compat_msghdr+0x11b/0x170 [ 66.515350][ T6420] ___sys_sendmsg+0x135/0x1e0 [ 66.515364][ T6420] ? __pfx____sys_sendmsg+0x10/0x10 [ 66.515386][ T6420] ? __pfx_lock_release+0x10/0x10 [ 66.515403][ T6420] ? trace_lock_acquire+0x14e/0x1f0 [ 66.515424][ T6420] ? __fget_files+0x206/0x3a0 [ 66.515445][ T6420] __sys_sendmsg+0x16e/0x220 [ 66.515459][ T6420] ? __pfx___sys_sendmsg+0x10/0x10 [ 66.515484][ T6420] __do_fast_syscall_32+0x73/0x120 [ 66.515519][ T6420] do_fast_syscall_32+0x32/0x80 [ 66.515533][ T6420] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 66.515557][ T6420] RIP: 0023:0xf7f23579 [ 66.515567][ T6420] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 66.515579][ T6420] RSP: 002b:00000000f504655c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 66.515593][ T6420] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000000 [ 66.515602][ T6420] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 66.515611][ T6420] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 66.515619][ T6420] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 66.515627][ T6420] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 66.515645][ T6420] [ 66.661253][ T6426] ax25_connect(): syz.3.131 uses autobind, please contact jreuter@yaina.de [ 67.846642][ T6445] sch_tbf: burst 32855 is lower than device lo mtu (65550) ! usb_generic_handle_packet: ctrl buffer too small (16384 > 4096) [ 68.673247][ T6465] can0: slcan on ptm0. [ 68.799294][ T6465] can0 (unregistered): slcan off ptm0. [ 68.953833][ T39] audit: type=1326 audit(1738957188.955:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6475 comm="syz.1.147" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f40579 code=0x7fc00000 [ 69.451407][ T6481] Zero length message leads to an empty skb [ 69.678130][ T39] audit: type=1326 audit(1738957189.685:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6475 comm="syz.1.147" exe="/syz-executor" sig=0 arch=40000003 syscall=329 compat=1 ip=0xf7f40579 code=0x7fc00000 [ 69.968557][ T6493] netlink: 'syz.2.152': attribute type 2 has an invalid length. [ 69.976949][ T6493] ubi31: attaching mtd0 [ 69.979150][ T6493] ubi31: scanning is finished [ 69.980984][ T6493] ubi31: empty MTD device detected [ 70.022719][ T6495] netlink: 16 bytes leftover after parsing attributes in process `syz.1.153'. [ 70.069526][ T6493] ubi31: attached mtd0 (name "mtdram test device", size 0 MiB) [ 70.072329][ T6493] ubi31: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 70.072355][ T6493] ubi31: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 70.072371][ T6493] ubi31: VID header offset: 64 (aligned 64), data offset: 128 [ 70.081143][ T6493] ubi31: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 70.083943][ T6493] ubi31: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 70.087640][ T6493] ubi31: max/mean erase counter: 0/0, WL threshold: 4096, image sequence number: 2548974790 [ 70.090771][ T6493] ubi31: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 70.093903][ T6498] ubi31: background thread "ubi_bgt31d" started, PID 6498 [ 70.163597][ T6504] sch_tbf: burst 32855 is lower than device lo mtu (65550) ! [ 70.375250][ T1323] usb 7-1: new high-speed USB device number 4 using dummy_hcd [ 70.517208][ T6509] sch_tbf: burst 32855 is lower than device lo mtu (65550) ! [ 70.535875][ T1323] usb 7-1: too many configurations: 9, using maximum allowed: 8 [ 70.546414][ T1323] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 70.550299][ T1323] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 70.553709][ T1323] usb 7-1: config 0 interface 0 has no altsetting 0 [ 70.585874][ T1323] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 70.589751][ T1323] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 70.593121][ T1323] usb 7-1: config 0 interface 0 has no altsetting 0 [ 70.606655][ T1323] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 70.610759][ T1323] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 70.614157][ T1323] usb 7-1: config 0 interface 0 has no altsetting 0 [ 70.631593][ T1323] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 70.645370][ T1323] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 70.648390][ T1323] usb 7-1: config 0 interface 0 has no altsetting 0 [ 70.652398][ T1323] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 70.665155][ T1323] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 70.668532][ T1323] usb 7-1: config 0 interface 0 has no altsetting 0 [ 70.672225][ T1323] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 70.676429][ T1323] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 70.679872][ T1323] usb 7-1: config 0 interface 0 has no altsetting 0 [ 70.697085][ T1323] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 70.701006][ T1323] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 70.704630][ T1323] usb 7-1: config 0 interface 0 has no altsetting 0 [ 70.712556][ T1323] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 70.720173][ T1323] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 70.726560][ T1323] usb 7-1: config 0 interface 0 has no altsetting 0 [ 70.767291][ T1323] usb 7-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e [ 70.770771][ T1323] usb 7-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168 [ 70.774083][ T1323] usb 7-1: Product: syz [ 70.781975][ T1323] usb 7-1: Manufacturer: syz [ 70.789681][ T1323] usb 7-1: SerialNumber: syz [ 70.798191][ T1323] usb 7-1: config 0 descriptor?? [ 70.802571][ T1323] yurex 7-1:0.0: Could not find endpoints [ 70.810390][ T1416] ieee802154 phy0 wpan0: encryption failed: -22 [ 70.812996][ T1416] ieee802154 phy1 wpan1: encryption failed: -22 [ 70.948245][ T6524] netlink: 20 bytes leftover after parsing attributes in process `syz.1.165'. [ 70.969644][ T6524] rdma_rxe: rxe_newlink: failed to add ipvlan0 [ 71.007244][ T6012] usb 7-1: USB disconnect, device number 4 [ 71.009093][ T6530] FAULT_INJECTION: forcing a failure. [ 71.009093][ T6530] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 71.016504][ T6530] CPU: 3 UID: 0 PID: 6530 Comm: syz.3.167 Not tainted 6.14.0-rc1-syzkaller-00081-gbb066fe812d6 #0 [ 71.016529][ T6530] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 71.016538][ T6530] Call Trace: [ 71.016542][ T6530] [ 71.016548][ T6530] dump_stack_lvl+0x16c/0x1f0 [ 71.016577][ T6530] should_fail_ex+0x50a/0x650 [ 71.016600][ T6530] _copy_to_user+0x32/0xd0 [ 71.016626][ T6530] simple_read_from_buffer+0xd0/0x160 [ 71.016652][ T6530] proc_fail_nth_read+0x198/0x270 [ 71.016675][ T6530] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 71.016698][ T6530] ? rw_verify_area+0xcf/0x680 [ 71.016722][ T6530] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 71.016745][ T6530] vfs_read+0x1df/0xbf0 [ 71.016761][ T6530] ? __fget_files+0x1fc/0x3a0 [ 71.016779][ T6530] ? __pfx___mutex_lock+0x10/0x10 [ 71.016803][ T6530] ? __pfx_vfs_read+0x10/0x10 [ 71.016832][ T6530] ? __fget_files+0x206/0x3a0 [ 71.016855][ T6530] ksys_read+0x12b/0x250 [ 71.016871][ T6530] ? __pfx_ksys_read+0x10/0x10 [ 71.016895][ T6530] __do_fast_syscall_32+0x73/0x120 [ 71.016912][ T6530] do_fast_syscall_32+0x32/0x80 [ 71.016928][ T6530] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 71.016954][ T6530] RIP: 0023:0xf7fb4579 [ 71.016966][ T6530] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 71.016980][ T6530] RSP: 002b:00000000f50d6590 EFLAGS: 00000293 ORIG_RAX: 0000000000000003 [ 71.016996][ T6530] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000f50d6620 [ 71.017006][ T6530] RDX: 000000000000000f RSI: 00000000f743cff4 RDI: 0000000000000000 [ 71.017014][ T6530] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000 [ 71.017023][ T6530] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000 [ 71.017032][ T6530] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 71.017051][ T6530] [ 71.093930][ C3] vkms_vblank_simulate: vblank timer overrun [ 71.498131][ T6555] FAULT_INJECTION: forcing a failure. [ 71.498131][ T6555] name fail_page_alloc, interval 1, probability 0, space 0, times 1 [ 71.499301][ T39] audit: type=1800 audit(1738957191.505:4): pid=6546 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=set_data cause=unavailable-hash-algorithm comm="syz.3.173" name="/newroot/48/file0" dev="tmpfs" ino=268 res=0 errno=0 [ 71.502215][ T6555] CPU: 1 UID: 0 PID: 6555 Comm: syz.0.175 Not tainted 6.14.0-rc1-syzkaller-00081-gbb066fe812d6 #0 [ 71.502230][ T6555] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 71.502236][ T6555] Call Trace: [ 71.502240][ T6555] [ 71.502244][ T6555] dump_stack_lvl+0x16c/0x1f0 [ 71.502264][ T6555] should_fail_ex+0x50a/0x650 [ 71.502276][ T6555] ? __pfx___might_resched+0x10/0x10 [ 71.502290][ T6555] should_fail_alloc_page+0xe7/0x130 [ 71.502304][ T6555] prepare_alloc_pages.constprop.0+0x16f/0x560 [ 71.502322][ T6555] __alloc_frozen_pages_noprof+0x18e/0x2470 [ 71.502339][ T6555] ? hlock_class+0x4e/0x130 [ 71.502356][ T6555] ? mark_lock+0xb5/0xc60 [ 71.502367][ T6555] ? __pfx___lock_acquire+0x10/0x10 [ 71.502378][ T6555] ? __pfx_mark_lock+0x10/0x10 [ 71.502388][ T6555] ? __pfx_mark_lock+0x10/0x10 [ 71.502408][ T6555] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 71.502424][ T6555] ? find_held_lock+0x2d/0x110 [ 71.502441][ T6555] ? hlock_class+0x4e/0x130 [ 71.502454][ T6555] ? __lock_acquire+0xcc5/0x3c40 [ 71.502465][ T6555] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 71.502479][ T6555] ? policy_nodemask+0xea/0x4e0 [ 71.502491][ T6555] alloc_pages_mpol+0x1fc/0x540 [ 71.502504][ T6555] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 71.502518][ T6555] folio_alloc_mpol_noprof+0x36/0x2f0 [ 71.502533][ T6555] vma_alloc_folio_noprof+0xee/0x1b0 [ 71.502546][ T6555] ? __pfx_vma_alloc_folio_noprof+0x10/0x10 [ 71.502559][ T6555] ? find_held_lock+0x2d/0x110 [ 71.502576][ T6555] do_pte_missing+0x202f/0x3e10 [ 71.502591][ T6555] __handle_mm_fault+0x1166/0x2c60 [ 71.502611][ T6555] ? __pfx___handle_mm_fault+0x10/0x10 [ 71.502621][ T6555] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 71.502638][ T6555] ? find_vma+0xc0/0x140 [ 71.502652][ T6555] ? __pfx_find_vma+0x10/0x10 [ 71.502668][ T6555] handle_mm_fault+0x3fa/0xaa0 [ 71.502680][ T6555] do_user_addr_fault+0x7a3/0x13f0 [ 71.502696][ T6555] exc_page_fault+0x5c/0xc0 [ 71.502710][ T6555] asm_exc_page_fault+0x26/0x30 [ 71.502723][ T6555] RIP: 0010:__put_user_4+0x11/0x20 [ 71.502738][ T6555] Code: 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 48 89 cb 48 c1 fb 3f 48 09 d9 0f 01 cb <89> 01 31 c9 0f 01 ca c3 cc cc cc cc 0f 1f 00 90 90 90 90 90 90 90 [ 71.502746][ T6555] RSP: 0018:ffffc90030baf910 EFLAGS: 00050206 [ 71.502754][ T6555] RAX: 0000000000000016 RBX: 0000000000000000 RCX: 0000000080009ac0 [ 71.502760][ T6555] RDX: ffff88801fe9a440 RSI: ffffffff891cafc6 RDI: ffffffff8bd2d220 [ 71.502765][ T6555] RBP: 0000000000000000 R08: 0000000000000000 R09: fffffbfff20bfb22 [ 71.502770][ T6555] R10: ffffffff905fd917 R11: 0000000000000000 R12: 0000000080009ac0 [ 71.502775][ T6555] R13: 1ffff92006175f23 R14: 000000000000541b R15: 0000000000000002 [ 71.502785][ T6555] ? sk_ioctl+0x1c6/0x360 [ 71.502799][ T6555] sk_ioctl+0x1d2/0x360 [ 71.502811][ T6555] ? __pfx_sk_ioctl+0x10/0x10 [ 71.502827][ T6555] ieee802154_sock_ioctl+0x127/0x460 [ 71.502840][ T6555] ? __do_compat_sys_ioctl+0x4e/0x2c0 [ 71.502853][ T6555] ? __do_fast_syscall_32+0x73/0x120 [ 71.502862][ T6555] ? __pfx_ieee802154_sock_ioctl+0x10/0x10 [ 71.502875][ T6555] ? hlock_class+0x4e/0x130 [ 71.502888][ T6555] ? mark_lock+0xb5/0xc60 [ 71.502899][ T6555] ? __pfx_mark_lock+0x10/0x10 [ 71.502912][ T6555] sock_do_ioctl+0x116/0x280 [ 71.502925][ T6555] ? __pfx_sock_do_ioctl+0x10/0x10 [ 71.502940][ T6555] ? find_held_lock+0x2d/0x110 [ 71.502957][ T6555] sock_ioctl+0x228/0x6c0 [ 71.502970][ T6555] ? __pfx_sock_ioctl+0x10/0x10 [ 71.502981][ T6555] ? tomoyo_path_number_perm+0x46d/0x5b0 [ 71.502994][ T6555] ? tomoyo_path_number_perm+0x190/0x5b0 [ 71.503004][ T6555] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 71.503014][ T6555] ? __pfx_sock_ioctl+0x10/0x10 [ 71.503026][ T6555] do_vfs_ioctl+0x682/0x1950 [ 71.503041][ T6555] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 71.503061][ T6555] ? __pfx_lock_release+0x10/0x10 [ 71.503071][ T6555] ? trace_lock_acquire+0x14e/0x1f0 [ 71.503084][ T6555] ? __fget_files+0x206/0x3a0 [ 71.503098][ T6555] __do_compat_sys_ioctl+0x148/0x2c0 [ 71.503114][ T6555] __do_fast_syscall_32+0x73/0x120 [ 71.503123][ T6555] do_fast_syscall_32+0x32/0x80 [ 71.503132][ T6555] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 71.503146][ T6555] RIP: 0023:0xf7f23579 [ 71.503153][ T6555] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 71.503161][ T6555] RSP: 002b:00000000f504655c EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 71.503169][ T6555] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 000000000000541b [ 71.503174][ T6555] RDX: 0000000080009ac0 RSI: 0000000000000000 RDI: 0000000000000000 [ 71.503179][ T6555] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 71.503183][ T6555] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 71.503188][ T6555] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 71.503199][ T6555] [ 71.687332][ T6562] batman_adv: Cannot find parent device. Skipping batadv-on-batadv check for gretap1 [ 71.691857][ T6562] batman_adv: batadv0: Adding interface: gretap1 [ 71.693711][ T6562] batman_adv: batadv0: The MTU of interface gretap1 is too small (1462) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 71.701150][ T6562] batman_adv: batadv0: Not using interface gretap1 (retrying later): interface not active [ 72.484402][ T6596] sch_tbf: burst 32855 is lower than device lo mtu (65550) ! [ 72.589851][ T6598] netlink: 140 bytes leftover after parsing attributes in process `syz.1.189'. [ 72.598083][ T6598] netlink: 140 bytes leftover after parsing attributes in process `syz.1.189'. [ 72.618417][ T6598] netlink: 140 bytes leftover after parsing attributes in process `syz.1.189'. [ 72.626480][ T6598] netlink: 140 bytes leftover after parsing attributes in process `syz.1.189'. [ 72.784166][ T6606] netlink: 20 bytes leftover after parsing attributes in process `syz.1.192'. [ 72.850240][ T6608] netlink: 'syz.0.191': attribute type 1 has an invalid length. [ 73.956356][ T6630] smc: net device bond0 applied user defined pnetid SYZ2 [ 74.856211][ T6655] sch_tbf: burst 32855 is lower than device lo mtu (65550) ! [ 75.179534][ T6663] FAULT_INJECTION: forcing a failure. [ 75.179534][ T6663] name failslab, interval 1, probability 0, space 0, times 0 [ 75.183824][ T6663] CPU: 0 UID: 0 PID: 6663 Comm: syz.3.207 Not tainted 6.14.0-rc1-syzkaller-00081-gbb066fe812d6 #0 [ 75.183845][ T6663] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 75.183854][ T6663] Call Trace: [ 75.183860][ T6663] [ 75.183866][ T6663] dump_stack_lvl+0x16c/0x1f0 [ 75.183897][ T6663] should_fail_ex+0x50a/0x650 [ 75.183917][ T6663] ? fs_reclaim_acquire+0xae/0x150 [ 75.183945][ T6663] should_failslab+0xc2/0x120 [ 75.183965][ T6663] kmem_cache_alloc_node_noprof+0x72/0x3b0 [ 75.183984][ T6663] ? __alloc_skb+0x2b3/0x380 [ 75.184003][ T6663] __alloc_skb+0x2b3/0x380 [ 75.184017][ T6663] ? __pfx___alloc_skb+0x10/0x10 [ 75.184038][ T6663] netlink_ack+0x164/0xb20 [ 75.184066][ T6663] netlink_rcv_skb+0x327/0x410 [ 75.184087][ T6663] ? __pfx_nfnetlink_rcv_msg+0x10/0x10 [ 75.184113][ T6663] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 75.184133][ T6663] ? __pfx_aa_get_newest_label+0x10/0x10 [ 75.184166][ T6663] ? bpf_lsm_capable+0x9/0x10 [ 75.184189][ T6663] ? security_capable+0x7e/0x260 [ 75.184213][ T6663] ? ns_capable+0xd7/0x110 [ 75.184234][ T6663] nfnetlink_rcv+0x1b4/0x430 [ 75.184257][ T6663] ? __pfx_nfnetlink_rcv+0x10/0x10 [ 75.184280][ T6663] ? netlink_deliver_tap+0x1ae/0xca0 [ 75.184304][ T6663] netlink_unicast+0x53c/0x7f0 [ 75.184327][ T6663] ? __pfx_netlink_unicast+0x10/0x10 [ 75.184348][ T6663] ? __phys_addr_symbol+0x30/0x80 [ 75.184371][ T6663] ? __check_object_size+0x488/0x710 [ 75.184392][ T6663] netlink_sendmsg+0x8b8/0xd70 [ 75.184416][ T6663] ? __pfx_netlink_sendmsg+0x10/0x10 [ 75.184443][ T6663] ____sys_sendmsg+0x9ae/0xb40 [ 75.184465][ T6663] ? __pfx_____sys_sendmsg+0x10/0x10 [ 75.184485][ T6663] ? get_compat_msghdr+0x11b/0x170 [ 75.184514][ T6663] ___sys_sendmsg+0x135/0x1e0 [ 75.184531][ T6663] ? __pfx____sys_sendmsg+0x10/0x10 [ 75.184556][ T6663] ? __pfx_lock_release+0x10/0x10 [ 75.184579][ T6663] ? trace_lock_acquire+0x14e/0x1f0 [ 75.184602][ T6663] ? __fget_files+0x206/0x3a0 [ 75.184625][ T6663] __sys_sendmsg+0x16e/0x220 [ 75.184640][ T6663] ? __pfx___sys_sendmsg+0x10/0x10 [ 75.184669][ T6663] __do_fast_syscall_32+0x73/0x120 [ 75.184685][ T6663] do_fast_syscall_32+0x32/0x80 [ 75.184699][ T6663] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 75.184723][ T6663] RIP: 0023:0xf7fb4579 [ 75.184735][ T6663] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 75.184748][ T6663] RSP: 002b:00000000f50d655c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 75.184763][ T6663] RAX: ffffffffffffffda RBX: 0000000000000009 RCX: 00000000800000c0 [ 75.184773][ T6663] RDX: 0000000004004810 RSI: 0000000000000000 RDI: 0000000000000000 [ 75.184782][ T6663] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 75.184791][ T6663] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 75.184800][ T6663] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 75.184818][ T6663] [ 75.206616][ T6668] sch_tbf: burst 32855 is lower than device lo mtu (65550) ! [ 75.575187][ T25] usb 7-1: new high-speed USB device number 5 using dummy_hcd [ 75.745943][ T25] usb 7-1: too many configurations: 9, using maximum allowed: 8 [ 75.758321][ T25] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 75.763008][ T25] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 75.771793][ T25] usb 7-1: config 0 interface 0 altsetting 2 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 75.772800][ T6679] netlink: 28 bytes leftover after parsing attributes in process `syz.3.212'. [ 75.776884][ T25] usb 7-1: config 0 interface 0 has no altsetting 0 [ 75.782570][ T25] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 75.785630][ T25] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 75.787463][ T39] audit: type=1326 audit(1738957195.795:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6680 comm="syz.0.213" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f23579 code=0x7ffc0000 [ 75.788377][ T25] usb 7-1: config 0 interface 0 altsetting 2 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 75.794746][ T39] audit: type=1326 audit(1738957195.795:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6680 comm="syz.0.213" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f23579 code=0x7ffc0000 [ 75.798861][ T25] usb 7-1: config 0 interface 0 has no altsetting 0 [ 75.808600][ T25] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 75.809739][ T39] audit: type=1326 audit(1738957195.795:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6680 comm="syz.0.213" exe="/syz-executor" sig=0 arch=40000003 syscall=120 compat=1 ip=0xf7f23579 code=0x7ffc0000 [ 75.812263][ T25] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 75.818039][ T39] audit: type=1326 audit(1738957195.795:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6680 comm="syz.0.213" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f23579 code=0x7ffc0000 [ 75.818060][ T39] audit: type=1326 audit(1738957195.795:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6682 comm="syz.0.213" exe="/syz-executor" sig=0 arch=40000003 syscall=267 compat=1 ip=0xf7f23579 code=0x7ffc0000 [ 75.821008][ T25] usb 7-1: config 0 interface 0 altsetting 2 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 75.828864][ T39] audit: type=1326 audit(1738957195.815:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6680 comm="syz.0.213" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f23579 code=0x7ffc0000 [ 75.835638][ T25] usb 7-1: config 0 interface 0 has no altsetting 0 [ 75.839290][ T39] audit: type=1326 audit(1738957195.845:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6680 comm="syz.0.213" exe="/syz-executor" sig=0 arch=40000003 syscall=284 compat=1 ip=0xf7f23579 code=0x7ffc0000 [ 75.857603][ T25] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 75.861787][ T25] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 75.864643][ T25] usb 7-1: config 0 interface 0 altsetting 2 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 75.867184][ T6684] netlink: 12 bytes leftover after parsing attributes in process `syz.3.212'. [ 75.869403][ T25] usb 7-1: config 0 interface 0 has no altsetting 0 [ 75.874808][ T25] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 75.878196][ T25] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 75.880942][ T25] usb 7-1: config 0 interface 0 altsetting 2 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 75.884775][ T25] usb 7-1: config 0 interface 0 has no altsetting 0 [ 75.887496][ T25] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 75.890974][ T25] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 75.893583][ T25] usb 7-1: config 0 interface 0 altsetting 2 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 75.897526][ T25] usb 7-1: config 0 interface 0 has no altsetting 0 [ 75.901044][ T25] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 75.904333][ T25] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 75.907750][ T25] usb 7-1: config 0 interface 0 altsetting 2 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 75.912825][ T6685] netlink: 4 bytes leftover after parsing attributes in process `syz.0.213'. [ 75.916357][ T25] usb 7-1: config 0 interface 0 has no altsetting 0 [ 75.919967][ T25] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 75.923684][ T25] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 75.927679][ T25] usb 7-1: config 0 interface 0 altsetting 2 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 75.932878][ T25] usb 7-1: config 0 interface 0 has no altsetting 0 [ 75.937807][ T25] usb 7-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e [ 75.940819][ T25] usb 7-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168 [ 75.943667][ T25] usb 7-1: Product: syz [ 75.944915][ T25] usb 7-1: Manufacturer: syz [ 75.947325][ T39] audit: type=1326 audit(1738957195.955:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6682 comm="syz.0.213" exe="/syz-executor" sig=0 arch=40000003 syscall=1 compat=1 ip=0xf7f23579 code=0x7ffc0000 [ 75.947390][ T25] usb 7-1: SerialNumber: syz [ 75.958874][ T25] usb 7-1: config 0 descriptor?? [ 75.962369][ T25] yurex 7-1:0.0: Could not find endpoints [ 75.967654][ T39] audit: type=1326 audit(1738957195.975:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6680 comm="syz.0.213" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7f23598 code=0x7ffc0000 [ 75.974784][ T39] audit: type=1326 audit(1738957195.975:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6680 comm="syz.0.213" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f23579 code=0x7ffc0000 [ 76.095213][ T6690] sch_tbf: burst 32855 is lower than device lo mtu (65550) ! [ 76.166918][ T25] usb 7-1: USB disconnect, device number 5 [ 76.358800][ T6694] overlayfs: upper fs does not support file handles, falling back to index=off. [ 76.364730][ T6695] ucma_write: process 167 (syz.0.216) changed security contexts after opening file descriptor, this is not allowed. [ 77.014203][ T6712] pimreg3: entered allmulticast mode [ 77.029240][ T6714] sch_tbf: burst 32855 is lower than device lo mtu (65550) ! [ 77.179567][ T6724] warning: `syz.3.228' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 77.198253][ T67] Bluetooth: hci0: command tx timeout [ 77.210301][ T6725] sch_tbf: burst 32855 is lower than device lo mtu (65550) ! [ 77.572949][ T6736] trusted_key: encrypted_key: insufficient parameters specified [ 77.984403][ T6744] netlink: 8 bytes leftover after parsing attributes in process `syz.1.234'. [ 78.502405][ T6754] netlink: 8 bytes leftover after parsing attributes in process `syz.3.238'. [ 78.626864][ T6754] netlink: 24 bytes leftover after parsing attributes in process `syz.3.238'. [ 79.167215][ T6769] netlink: 8 bytes leftover after parsing attributes in process `syz.1.241'. [ 79.170012][ T6769] netlink: 4 bytes leftover after parsing attributes in process `syz.1.241'. [ 79.170748][ T6771] netlink: 20 bytes leftover after parsing attributes in process `syz.2.242'. [ 79.259920][ T6772] syz1: rxe_newlink: already configured on ipvlan0 [ 80.057786][ T6783] input: syz0 as /devices/virtual/input/input14 [ 80.189002][ T6787] netlink: 4 bytes leftover after parsing attributes in process `syz.2.246'. [ 80.191608][ T6787] bridge_slave_1: left allmulticast mode [ 80.193350][ T6787] bridge_slave_1: left promiscuous mode [ 80.196138][ T6787] bridge0: port 2(bridge_slave_1) entered disabled state [ 80.202417][ T6787] bridge_slave_0: left allmulticast mode [ 80.204123][ T6787] bridge_slave_0: left promiscuous mode [ 80.207625][ T6787] bridge0: port 1(bridge_slave_0) entered disabled state [ 80.607272][ T6794] veth1_macvtap: left promiscuous mode [ 80.993516][ T6799] sch_tbf: burst 32855 is lower than device lo mtu (65550) ! [ 81.074915][ T1016] cfg80211: failed to load regulatory.db [ 81.255293][ T1323] usb 7-1: new high-speed USB device number 6 using dummy_hcd [ 81.425807][ T1323] usb 7-1: too many configurations: 9, using maximum allowed: 8 [ 81.428981][ T1323] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 81.432033][ T1323] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 81.434718][ T1323] usb 7-1: config 0 interface 0 altsetting 2 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 81.438912][ T1323] usb 7-1: config 0 interface 0 has no altsetting 0 [ 81.441977][ T1323] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 81.445012][ T1323] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 81.447896][ T1323] usb 7-1: config 0 interface 0 altsetting 2 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 81.454040][ T1323] usb 7-1: config 0 interface 0 has no altsetting 0 [ 81.457985][ T1323] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 81.462070][ T1323] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 81.466859][ T1323] usb 7-1: config 0 interface 0 altsetting 2 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 81.471746][ T1323] usb 7-1: config 0 interface 0 has no altsetting 0 [ 81.475922][ T1323] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 81.478899][ T1323] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 81.482560][ T1323] usb 7-1: config 0 interface 0 altsetting 2 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 81.488652][ T1323] usb 7-1: config 0 interface 0 has no altsetting 0 [ 81.493931][ T1323] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 81.498149][ T1323] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 81.502026][ T1323] usb 7-1: config 0 interface 0 altsetting 2 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 81.509122][ T1323] usb 7-1: config 0 interface 0 has no altsetting 0 [ 81.513154][ T1323] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 81.517223][ T1323] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 81.522083][ T1323] usb 7-1: config 0 interface 0 altsetting 2 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 81.528215][ T1323] usb 7-1: config 0 interface 0 has no altsetting 0 [ 81.532253][ T1323] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 81.537464][ T1323] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 81.541210][ T1323] usb 7-1: config 0 interface 0 altsetting 2 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 81.548175][ T1323] usb 7-1: config 0 interface 0 has no altsetting 0 [ 81.552194][ T1323] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 81.565152][ T1323] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 81.567815][ T1323] usb 7-1: config 0 interface 0 altsetting 2 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 81.571563][ T1323] usb 7-1: config 0 interface 0 has no altsetting 0 [ 81.575168][ T1323] usb 7-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e [ 81.577860][ T1323] usb 7-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168 [ 81.582481][ T1323] usb 7-1: Product: syz [ 81.584917][ T1323] usb 7-1: Manufacturer: syz [ 81.587484][ T1323] usb 7-1: SerialNumber: syz [ 81.590965][ T1323] usb 7-1: config 0 descriptor?? [ 81.596160][ T1323] yurex 7-1:0.0: Could not find endpoints [ 81.800829][ T6085] usb 7-1: USB disconnect, device number 6 [ 81.802277][ T6809] netlink: 20 bytes leftover after parsing attributes in process `syz.1.254'. [ 81.891779][ T6814] rdma_rxe: rxe_newlink: failed to add ipvlan0 [ 82.147522][ T6819] 9pnet_virtio: no channels available for device [ 82.783019][ T6830] ubi: mtd0 is already attached to ubi31 [ 82.891708][ T6837] sch_tbf: burst 32855 is lower than device lo mtu (65550) ! [ 82.930171][ T39] kauditd_printk_skb: 1 callbacks suppressed [ 82.930181][ T39] audit: type=1804 audit(1738957202.935:16): pid=6838 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.263" name="file0" dev="ramfs" ino=15674 res=1 errno=0 [ 83.327960][ T6848] netlink: 20 bytes leftover after parsing attributes in process `syz.3.268'. [ 83.427713][ T6849] rdma_rxe: rxe_newlink: failed to add ipvlan0 [ 84.238238][ T6859] trusted_key: encrypted_key: insufficient parameters specified [ 84.249538][ T6862] SET target dimension over the limit! [ 84.263546][ T6860] netlink: 4 bytes leftover after parsing attributes in process `syz.0.271'. [ 84.354677][ T6863] netlink: 20 bytes leftover after parsing attributes in process `syz.1.270'. [ 84.425345][ T6866] FAULT_INJECTION: forcing a failure. [ 84.425345][ T6866] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 84.430423][ T6866] CPU: 0 UID: 0 PID: 6866 Comm: syz.3.272 Not tainted 6.14.0-rc1-syzkaller-00081-gbb066fe812d6 #0 [ 84.430467][ T6866] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 84.430477][ T6866] Call Trace: [ 84.430482][ T6866] [ 84.430488][ T6866] dump_stack_lvl+0x16c/0x1f0 [ 84.430516][ T6866] should_fail_ex+0x50a/0x650 [ 84.430537][ T6866] _copy_from_user+0x2e/0xd0 [ 84.430558][ T6866] get_compat_msghdr+0xa8/0x170 [ 84.430579][ T6866] ? __pfx_get_compat_msghdr+0x10/0x10 [ 84.430605][ T6866] ___sys_sendmsg+0x1b0/0x1e0 [ 84.430623][ T6866] ? __pfx____sys_sendmsg+0x10/0x10 [ 84.430646][ T6866] ? __pfx_lock_release+0x10/0x10 [ 84.430664][ T6866] ? trace_lock_acquire+0x14e/0x1f0 [ 84.430684][ T6866] ? __fget_files+0x206/0x3a0 [ 84.430706][ T6866] __sys_sendmsg+0x16e/0x220 [ 84.430722][ T6866] ? __pfx___sys_sendmsg+0x10/0x10 [ 84.430750][ T6866] __do_fast_syscall_32+0x73/0x120 [ 84.430766][ T6866] do_fast_syscall_32+0x32/0x80 [ 84.430781][ T6866] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 84.430810][ T6866] RIP: 0023:0xf7fb4579 [ 84.430822][ T6866] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 84.430836][ T6866] RSP: 002b:00000000f50b555c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 84.430851][ T6866] RAX: ffffffffffffffda RBX: 0000000000000010 RCX: 0000000080000000 [ 84.430860][ T6866] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 84.430869][ T6866] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 84.430877][ T6866] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 84.430885][ T6866] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 84.430903][ T6866] [ 84.656645][ T6878] sch_tbf: burst 32855 is lower than device lo mtu (65550) ! [ 84.674235][ T6879] sch_tbf: burst 32855 is lower than device lo mtu (65550) ! [ 85.163525][ T6884] autofs: Unknown parameter 'uidus' [ 85.230143][ T6891] netlink: 20 bytes leftover after parsing attributes in process `syz.0.280'. [ 85.252790][ T6892] sch_tbf: burst 32855 is lower than device lo mtu (65550) ! [ 85.299012][ T6893] rdma_rxe: rxe_newlink: failed to add ipvlan0 [ 85.563029][ T6897] netlink: 'syz.2.278': attribute type 11 has an invalid length. [ 86.217647][ T6918] netlink: 20 bytes leftover after parsing attributes in process `syz.1.287'. [ 86.475256][ T67] Bluetooth: hci1: command tx timeout [ 86.476973][ T67] Bluetooth: hci2: command tx timeout [ 87.524070][ T6942] ip6gre0: entered promiscuous mode [ 87.526998][ T6942] ip6gre0: entered allmulticast mode [ 87.627884][ T6951] sch_tbf: burst 32855 is lower than device lo mtu (65550) ! [ 87.979173][ T6962] SET target dimension over the limit! [ 88.880354][ T6980] sch_tbf: burst 32855 is lower than device lo mtu (65550) ! [ 89.069017][ T6984] sch_tbf: burst 32855 is lower than device lo mtu (65550) ! [ 90.399538][ T7017] netlink: 'syz.0.318': attribute type 3 has an invalid length. [ 90.402263][ T7017] netlink: 28 bytes leftover after parsing attributes in process `syz.0.318'. [ 90.552738][ T7021] netlink: 20 bytes leftover after parsing attributes in process `syz.0.319'. [ 91.077943][ T7041] netlink: 1304 bytes leftover after parsing attributes in process `syz.2.326'. [ 91.083628][ T7041] FAULT_INJECTION: forcing a failure. [ 91.083628][ T7041] name failslab, interval 1, probability 0, space 0, times 0 [ 91.087956][ T7041] CPU: 1 UID: 0 PID: 7041 Comm: syz.2.326 Not tainted 6.14.0-rc1-syzkaller-00081-gbb066fe812d6 #0 [ 91.087970][ T7041] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 91.087976][ T7041] Call Trace: [ 91.087980][ T7041] [ 91.087986][ T7041] dump_stack_lvl+0x16c/0x1f0 [ 91.088007][ T7041] should_fail_ex+0x50a/0x650 [ 91.088023][ T7041] ? nsim_fib_event_nb+0x1b6/0xec0 [ 91.088035][ T7041] should_failslab+0xc2/0x120 [ 91.088050][ T7041] __kmalloc_cache_noprof+0x68/0x420 [ 91.088065][ T7041] nsim_fib_event_nb+0x1b6/0xec0 [ 91.088076][ T7041] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 91.088091][ T7041] ? rcu_is_watching+0x12/0xc0 [ 91.088108][ T7041] notifier_call_chain+0xb7/0x410 [ 91.088124][ T7041] ? __pfx_nsim_fib_event_nb+0x10/0x10 [ 91.088135][ T7041] atomic_notifier_call_chain+0x71/0x1c0 [ 91.088151][ T7041] call_fib_notifiers+0x33/0x70 [ 91.088167][ T7041] fib_notify_alias_delete+0x2c0/0x390 [ 91.088185][ T7041] ? __pfx_fib_notify_alias_delete+0x10/0x10 [ 91.088203][ T7041] ? lockdep_rtnl_is_held+0x26/0x40 [ 91.088215][ T7041] ? fib_find_alias+0x20a/0x270 [ 91.088230][ T7041] fib_table_delete+0x625/0x9f0 [ 91.088244][ T7041] ? __pfx_fib_table_delete+0x10/0x10 [ 91.088254][ T7041] ? __lock_acquire+0x2077/0x3c40 [ 91.088266][ T7041] ? lock_acquire+0x2f/0xb0 [ 91.088276][ T7041] ? fib_magic+0x14a/0x5c0 [ 91.088285][ T7041] ? fib_new_table+0x109/0x3f0 [ 91.088298][ T7041] fib_magic+0x363/0x5c0 [ 91.088309][ T7041] ? __pfx_fib_magic+0x10/0x10 [ 91.088329][ T7041] fib_del_ifaddr+0xd20/0x1510 [ 91.088346][ T7041] fib_inetaddr_event+0xbd/0x2c0 [ 91.088377][ T7041] notifier_call_chain+0xb7/0x410 [ 91.088393][ T7041] ? __pfx_fib_inetaddr_event+0x10/0x10 [ 91.088434][ T7041] blocking_notifier_call_chain+0x69/0xa0 [ 91.088456][ T7041] __inet_del_ifa+0x3dd/0xf40 [ 91.088473][ T7041] inet_rtm_deladdr+0x452/0x7c0 [ 91.088487][ T7041] ? __pfx_inet_rtm_deladdr+0x10/0x10 [ 91.088504][ T7041] ? __pfx_inet_rtm_deladdr+0x10/0x10 [ 91.088516][ T7041] rtnetlink_rcv_msg+0x95b/0xea0 [ 91.088526][ T7041] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 91.088535][ T7041] ? __pfx___dev_queue_xmit+0x10/0x10 [ 91.088557][ T7041] netlink_rcv_skb+0x165/0x410 [ 91.088571][ T7041] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 91.088582][ T7041] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 91.088604][ T7041] ? netlink_deliver_tap+0x1ae/0xca0 [ 91.088619][ T7041] netlink_unicast+0x53c/0x7f0 [ 91.088634][ T7041] ? __pfx_netlink_unicast+0x10/0x10 [ 91.088647][ T7041] ? __phys_addr+0xc6/0x150 [ 91.088655][ T7041] ? __phys_addr_symbol+0x30/0x80 [ 91.088669][ T7041] ? __check_object_size+0x488/0x710 [ 91.088684][ T7041] netlink_sendmsg+0x8b8/0xd70 [ 91.088699][ T7041] ? __pfx_netlink_sendmsg+0x10/0x10 [ 91.088714][ T7041] ? trace_contention_end+0xee/0x140 [ 91.088733][ T7041] sock_sendmsg+0x369/0x410 [ 91.088747][ T7041] ? __pfx_sock_sendmsg+0x10/0x10 [ 91.088767][ T7041] splice_to_socket+0xaac/0x1040 [ 91.088784][ T7041] ? __pfx_splice_to_socket+0x10/0x10 [ 91.088812][ T7041] ? apparmor_file_permission+0x251/0x400 [ 91.088830][ T7041] ? rw_verify_area+0xcf/0x680 [ 91.088843][ T7041] ? __pfx_splice_to_socket+0x10/0x10 [ 91.088852][ T7041] do_splice+0x146a/0x1f70 [ 91.088867][ T7041] ? __pfx_do_splice+0x10/0x10 [ 91.088875][ T7041] ? __pfx_pipe_clear_nowait+0x10/0x10 [ 91.088888][ T7041] ? __pfx_lock_release+0x10/0x10 [ 91.088899][ T7041] ? trace_lock_acquire+0x14e/0x1f0 [ 91.088909][ T7041] __do_splice+0x327/0x360 [ 91.088920][ T7041] ? __pfx___do_splice+0x10/0x10 [ 91.088927][ T7041] ? __fget_files+0x206/0x3a0 [ 91.088941][ T7041] __ia32_sys_splice+0x189/0x250 [ 91.088952][ T7041] __do_fast_syscall_32+0x73/0x120 [ 91.088962][ T7041] do_fast_syscall_32+0x32/0x80 [ 91.088970][ T7041] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 91.088986][ T7041] RIP: 0023:0xf73ee579 [ 91.088994][ T7041] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 91.089003][ T7041] RSP: 002b:00000000f505555c EFLAGS: 00000296 ORIG_RAX: 0000000000000139 [ 91.089013][ T7041] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000000000000 [ 91.089018][ T7041] RDX: 0000000000000008 RSI: 0000000000000000 RDI: 000000000000622c [ 91.089023][ T7041] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 91.089028][ T7041] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 91.089032][ T7041] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 91.089044][ T7041] [ 91.949688][ T7056] overlayfs: overlapping lowerdir path [ 92.753556][ T7072] netlink: 24 bytes leftover after parsing attributes in process `syz.3.336'. [ 92.873486][ T7074] netlink: 20 bytes leftover after parsing attributes in process `syz.3.337'. [ 92.944092][ T7075] rdma_rxe: rxe_newlink: failed to add ipvlan0 [ 93.970860][ T7087] overlayfs: overlapping lowerdir path [ 94.975557][ T7100] 9pnet_virtio: no channels available for device [ 95.976766][ T7119] netlink: 92 bytes leftover after parsing attributes in process `syz.0.351'. [ 95.997502][ T7120] sch_tbf: burst 32855 is lower than device lo mtu (65550) ! [ 97.080737][ T7139] overlayfs: failed to verify upper (101/file0, ino=559, err=-116) [ 97.083116][ T7139] overlayfs: failed to verify index dir 'upper' xattr [ 97.085027][ T7139] overlayfs: try deleting index dir or mounting with '-o index=off' to disable inodes index. [ 97.917165][ T7150] sch_tbf: burst 32855 is lower than device lo mtu (65550) ! [ 98.839440][ T7169] netlink: 92 bytes leftover after parsing attributes in process `syz.3.364'. [ 99.190800][ T7187] overlayfs: workdir is in-use as upperdir/workdir of another mount, mount with '-o index=off' to override exclusive upperdir protection. [ 99.585251][ T7196] overlayfs: failed to verify upper (80/file0, ino=435, err=-116) [ 99.585298][ T7196] overlayfs: failed to verify index dir 'upper' xattr [ 99.585303][ T7196] overlayfs: try deleting index dir or mounting with '-o index=off' to disable inodes index. [ 99.673225][ T7197] sch_tbf: burst 32855 is lower than device lo mtu (65550) ! [ 99.948800][ T7199] e1000e 0000:00:02.0 eth1: NIC Link is Down usb_generic_handle_packet: ctrl buffer too small (16384 > 4096) [ 102.686165][ T7294] sch_tbf: burst 32855 is lower than device lo mtu (65550) ! [ 103.009827][ T7302] netlink: 92 bytes leftover after parsing attributes in process `syz.2.390'. [ 103.046296][ T7300] netlink: 'syz.1.389': attribute type 1 has an invalid length. [ 103.049403][ T7300] netlink: 168864 bytes leftover after parsing attributes in process `syz.1.389'. [ 103.052839][ T7306] 9pnet_virtio: no channels available for device [ 103.399378][ T7320] netlink: 92 bytes leftover after parsing attributes in process `syz.1.395'. [ 104.073534][ T7334] netlink: 92 bytes leftover after parsing attributes in process `syz.0.399'. [ 104.651089][ T6085] libceph: connect (1)[c::]:6789 error -101 [ 104.653232][ T6085] libceph: mon0 (1)[c::]:6789 connect error [ 104.693886][ T7348] ceph: No mds server is up or the cluster is laggy [ 104.695749][ T7352] fuse: Unknown parameter '0x0000000000000008' [ 104.916036][ T7354] serio: Serial port ptm0 [ 105.281714][ T1323] usb 6-1: new high-speed USB device number 2 using dummy_hcd [ 105.288009][ T1167] Bluetooth: Error in BCSP hdr checksum [ 105.303946][ T7364] ipt_REJECT: ECHOREPLY no longer supported. [ 105.392667][ T7369] lo: entered promiscuous mode [ 105.394721][ T7369] tunl0: entered promiscuous mode [ 105.396661][ T7369] gre0: entered promiscuous mode [ 105.398418][ T7369] gretap0: entered promiscuous mode [ 105.400172][ T7369] erspan0: entered promiscuous mode [ 105.401886][ T7369] ip_vti0: entered promiscuous mode [ 105.403753][ T7369] ip6_vti0: entered promiscuous mode [ 105.408500][ T7369] sit0: entered promiscuous mode [ 105.411084][ T7369] ip6tnl0: entered promiscuous mode [ 105.413710][ T7369] ip6gre0: left allmulticast mode [ 105.416459][ T7369] syz_tun: entered promiscuous mode [ 105.419174][ T7369] ip6gretap0: entered promiscuous mode [ 105.421902][ T7369] bridge0: entered promiscuous mode [ 105.424612][ T7369] vcan0: entered promiscuous mode [ 105.425261][ T1451] usb 7-1: new high-speed USB device number 7 using dummy_hcd [ 105.427142][ T7369] bond0: entered promiscuous mode [ 105.430804][ T7369] bond_slave_0: entered promiscuous mode [ 105.433282][ T7369] bond_slave_1: entered promiscuous mode [ 105.436539][ T7369] team0: entered promiscuous mode [ 105.438632][ T7369] team_slave_0: entered promiscuous mode [ 105.441119][ T7369] team_slave_1: entered promiscuous mode [ 105.444993][ T7369] dummy0: entered promiscuous mode [ 105.447498][ T1323] usb 6-1: config 128 has an invalid descriptor of length 64, skipping remainder of the config [ 105.449418][ T7369] nlmon0: entered promiscuous mode [ 105.450866][ T1323] usb 6-1: config 128 has 0 interfaces, different from the descriptor's value: 2 [ 105.459512][ T7369] caif0: entered promiscuous mode [ 105.461447][ T7369] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 105.476962][ T1323] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 105.479570][ T1323] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 105.481830][ T1323] usb 6-1: Product: syz [ 105.481827][ T7369] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(6) [ 105.483062][ T1323] usb 6-1: Manufacturer: syz [ 105.483072][ T1323] usb 6-1: SerialNumber: syz [ 105.488724][ T7369] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 105.493710][ T7369] vhci_hcd vhci_hcd.0: Device attached [ 105.534292][ T7377] FAULT_INJECTION: forcing a failure. [ 105.534292][ T7377] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 105.539013][ T7377] CPU: 0 UID: 0 PID: 7377 Comm: syz.3.412 Not tainted 6.14.0-rc1-syzkaller-00081-gbb066fe812d6 #0 [ 105.539033][ T7377] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 105.539043][ T7377] Call Trace: [ 105.539048][ T7377] [ 105.539055][ T7377] dump_stack_lvl+0x16c/0x1f0 [ 105.539100][ T7377] should_fail_ex+0x50a/0x650 [ 105.539130][ T7377] _copy_from_iter+0x29b/0x1400 [ 105.539179][ T7377] ? trace_lock_acquire+0x14e/0x1f0 [ 105.539195][ T7377] ? __alloc_skb+0x200/0x380 [ 105.539212][ T7377] ? __pfx__copy_from_iter+0x10/0x10 [ 105.539233][ T7377] ? __virt_addr_valid+0x1a4/0x590 [ 105.539253][ T7377] ? __virt_addr_valid+0x5e/0x590 [ 105.539274][ T7377] ? __phys_addr_symbol+0x30/0x80 [ 105.539299][ T7377] ? __check_object_size+0x488/0x710 [ 105.539324][ T7377] netlink_sendmsg+0x813/0xd70 [ 105.539352][ T7377] ? __pfx_netlink_sendmsg+0x10/0x10 [ 105.539384][ T7377] ____sys_sendmsg+0x9ae/0xb40 [ 105.539408][ T7377] ? __pfx_____sys_sendmsg+0x10/0x10 [ 105.539430][ T7377] ? get_compat_msghdr+0x11b/0x170 [ 105.539461][ T7377] ___sys_sendmsg+0x135/0x1e0 [ 105.539480][ T7377] ? __pfx____sys_sendmsg+0x10/0x10 [ 105.539506][ T7377] ? __pfx_lock_release+0x10/0x10 [ 105.539524][ T7377] ? trace_lock_acquire+0x14e/0x1f0 [ 105.539547][ T7377] ? __fget_files+0x206/0x3a0 [ 105.539572][ T7377] __sys_sendmsg+0x16e/0x220 [ 105.539589][ T7377] ? __pfx___sys_sendmsg+0x10/0x10 [ 105.539621][ T7377] __do_fast_syscall_32+0x73/0x120 [ 105.539637][ T7377] do_fast_syscall_32+0x32/0x80 [ 105.539651][ T7377] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 105.539676][ T7377] RIP: 0023:0xf7fb4579 [ 105.539687][ T7377] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 105.539700][ T7377] RSP: 002b:00000000f50d655c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 105.539716][ T7377] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000c00 [ 105.539739][ T7377] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 105.539749][ T7377] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 105.539758][ T7377] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 105.539766][ T7377] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 105.539794][ T7377] [ 105.553727][ T7371] vhci_hcd vhci_hcd.0: pdev(0) rhport(1) sockfd(13) [ 105.557673][ T1167] Bluetooth: Error in BCSP hdr checksum [ 105.558924][ T7371] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 105.631467][ T7371] vhci_hcd vhci_hcd.0: Device attached [ 105.641632][ T7379] vhci_hcd: connection closed [ 105.646042][ T7372] vhci_hcd: connection closed [ 105.647686][ T1167] vhci_hcd: stop threads [ 105.652443][ T1167] vhci_hcd: release socket [ 105.656427][ T1451] usb 7-1: too many configurations: 9, using maximum allowed: 8 [ 105.656988][ T1167] vhci_hcd: disconnect device [ 105.659557][ T1451] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 105.660440][ T1167] vhci_hcd: stop threads [ 105.663010][ T1451] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 105.664547][ T1167] vhci_hcd: release socket [ 105.668745][ T1451] usb 7-1: config 0 interface 0 has no altsetting 0 [ 105.669795][ T1167] vhci_hcd: disconnect device [ 105.672219][ T1451] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 105.675997][ T1451] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 105.679226][ T1451] usb 7-1: config 0 interface 0 has no altsetting 0 [ 105.682959][ T1451] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 105.685650][ T1451] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 105.688875][ T1451] usb 7-1: config 0 interface 0 has no altsetting 0 [ 105.691986][ T1451] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 105.694998][ T1451] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 105.696049][ T6085] vhci_hcd: vhci_device speed not set [ 105.755383][ T1451] usb 7-1: config 0 interface 0 has no altsetting 0 [ 105.761403][ T1451] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 105.764727][ T1451] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 105.768336][ T1451] usb 7-1: config 0 interface 0 has no altsetting 0 [ 105.768963][ T7354] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 105.773151][ T1451] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 105.775486][ T7354] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 105.775903][ T1451] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 105.781725][ T1451] usb 7-1: config 0 interface 0 has no altsetting 0 [ 105.787497][ T1451] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 105.790763][ T1451] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 105.794169][ T1451] usb 7-1: config 0 interface 0 has no altsetting 0 [ 105.798093][ T1451] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 105.801228][ T1451] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 105.804589][ T1451] usb 7-1: config 0 interface 0 has no altsetting 0 [ 105.809585][ T1167] Bluetooth: Error in BCSP hdr checksum [ 105.815980][ T1451] usb 7-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e [ 105.818712][ T1451] usb 7-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168 [ 105.821818][ T1451] usb 7-1: Product: syz [ 105.823654][ T1451] usb 7-1: Manufacturer: syz [ 105.825823][ T1451] usb 7-1: SerialNumber: syz [ 105.857714][ T1451] usb 7-1: config 0 descriptor?? [ 105.893947][ T1323] usb 6-1: USB disconnect, device number 2 [ 105.916197][ T1451] yurex 7-1:0.0: USB YUREX device now attached to Yurex #0 [ 106.091951][ T65] usb 7-1: USB disconnect, device number 7 [ 106.103327][ T65] yurex 7-1:0.0: USB YUREX #0 now disconnected [ 107.036707][ T5954] Bluetooth: hci2: Controller not accepting commands anymore: ncmd = 0 [ 107.037056][ T5965] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 107.039352][ T5954] Bluetooth: hci2: Injecting HCI hardware error event [ 108.486545][ T5954] Bluetooth: hci2: command 0x0405 tx timeout [ 108.505445][ T67] Bluetooth: hci2: hardware error 0x00 [ 108.814006][ T7451] sch_tbf: burst 32855 is lower than device lo mtu (65550) ! [ 109.233915][ T7460] 9pnet_virtio: no channels available for device [ 109.465871][ T7467] 9pnet_virtio: no channels available for device syz [ 109.469929][ T7467] 9pnet_virtio: no channels available for device [ 110.034160][ T7477] netlink: 20 bytes leftover after parsing attributes in process `syz.0.441'. [ 110.125633][ T7478] rdma_rxe: rxe_newlink: failed to add ipvlan0 [ 110.228615][ T7480] netlink: 28 bytes leftover after parsing attributes in process `syz.1.442'. [ 110.635236][ T67] Bluetooth: hci2: Opcode 0x0c03 failed: -110 [ 111.528752][ T7503] sch_tbf: burst 32855 is lower than device lo mtu (65550) ! [ 112.413600][ T7514] netlink: 4 bytes leftover after parsing attributes in process `syz.2.449'. [ 112.425171][ T7514] erspan0: default FDB implementation only supports local addresses [ 112.589715][ T7519] netlink: 28 bytes leftover after parsing attributes in process `syz.0.451'. [ 112.923793][ T7525] netlink: 28 bytes leftover after parsing attributes in process `syz.1.452'. [ 113.066746][ T7529] netlink: 20 bytes leftover after parsing attributes in process `syz.3.453'. [ 113.084030][ T7529] rdma_rxe: rxe_newlink: failed to add ipvlan0 [ 113.391635][ T7542] sch_tbf: burst 32855 is lower than device lo mtu (65550) ! [ 113.524489][ T7546] sch_tbf: burst 32855 is lower than device lo mtu (65550) ! [ 114.624357][ T7572] tipc: Started in network mode [ 114.625937][ T7572] tipc: Node identity 7f000001, cluster identity 4711 [ 114.632094][ T7572] tipc: Enabled bearer , priority 10 [ 114.647842][ T7572] tipc: Enabled bearer , priority 0 [ 114.797016][ T7579] IPVS: ip_vs_edit_dest(): lower threshold is higher than upper threshold [ 114.798697][ T1451] IPVS: starting estimator thread 0... [ 114.887991][ T7580] IPVS: using max 39 ests per chain, 93600 per kthread [ 114.983366][ T7592] netlink: 'syz.0.474': attribute type 1 has an invalid length. [ 114.986156][ T7592] netlink: 134708 bytes leftover after parsing attributes in process `syz.0.474'. [ 115.140489][ T7598] sctp: [Deprecated]: syz.0.475 (pid 7598) Use of int in maxseg socket option. [ 115.140489][ T7598] Use struct sctp_assoc_value instead [ 115.256968][ T7603] netlink: 20 bytes leftover after parsing attributes in process `syz.0.477'. [ 115.344027][ T7605] rdma_rxe: rxe_newlink: failed to add ipvlan0 [ 115.667006][ T6013] tipc: Node number set to 2130706433 [ 115.783228][ T7609] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(7) [ 115.785862][ T7609] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless) [ 115.789293][ T7609] vhci_hcd vhci_hcd.0: Device attached [ 115.966310][ T35] vhci_hcd: vhci_device speed not set [ 116.035320][ T35] usb 37-1: new low-speed USB device number 3 using vhci_hcd [ 117.008021][ T7628] 9pnet_virtio: no channels available for device [ 117.079589][ T7617] vhci_hcd: connection reset by peer [ 117.086369][ T1167] vhci_hcd: stop threads [ 117.087616][ T1167] vhci_hcd: release socket [ 117.095245][ T1167] vhci_hcd: disconnect device [ 117.453555][ T7645] 9pnet_virtio: no channels available for device [ 117.980507][ T7649] netlink: 'syz.2.488': attribute type 1 has an invalid length. [ 118.022059][ T7651] tipc: Started in network mode [ 118.023728][ T7651] tipc: Node identity 7f000001, cluster identity 4711 [ 118.027149][ T7651] tipc: Enabling of bearer rejected, failed to enable media [ 118.032997][ T7651] tipc: Enabled bearer , priority 0 [ 118.386283][ T7659] FAULT_INJECTION: forcing a failure. [ 118.386283][ T7659] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 118.390349][ T7659] CPU: 1 UID: 0 PID: 7659 Comm: syz.0.492 Not tainted 6.14.0-rc1-syzkaller-00081-gbb066fe812d6 #0 [ 118.390362][ T7659] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 118.390368][ T7659] Call Trace: [ 118.390371][ T7659] [ 118.390376][ T7659] dump_stack_lvl+0x16c/0x1f0 [ 118.390394][ T7659] should_fail_ex+0x50a/0x650 [ 118.390408][ T7659] _copy_to_iter+0x4a5/0x1400 [ 118.390424][ T7659] ? __pfx__copy_to_iter+0x10/0x10 [ 118.390436][ T7659] ? __virt_addr_valid+0x1a4/0x590 [ 118.390448][ T7659] ? __virt_addr_valid+0x5e/0x590 [ 118.390456][ T7659] ? __phys_addr_symbol+0x30/0x80 [ 118.390470][ T7659] ? __check_object_size+0x488/0x710 [ 118.390485][ T7659] seq_read_iter+0xd00/0x12b0 [ 118.390504][ T7659] seq_read+0x39f/0x4e0 [ 118.390519][ T7659] ? __pfx_seq_read+0x10/0x10 [ 118.390539][ T7659] ? rw_verify_area+0xcf/0x680 [ 118.390553][ T7659] ? __pfx_seq_read+0x10/0x10 [ 118.390567][ T7659] vfs_read+0x1df/0xbf0 [ 118.390576][ T7659] ? __fget_files+0x1fc/0x3a0 [ 118.390586][ T7659] ? __pfx___mutex_lock+0x10/0x10 [ 118.390601][ T7659] ? __pfx_vfs_read+0x10/0x10 [ 118.390613][ T7659] ? __fget_files+0x206/0x3a0 [ 118.390626][ T7659] ksys_read+0x12b/0x250 [ 118.390635][ T7659] ? __pfx_ksys_read+0x10/0x10 [ 118.390647][ T7659] __do_fast_syscall_32+0x73/0x120 [ 118.390658][ T7659] do_fast_syscall_32+0x32/0x80 [ 118.390666][ T7659] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 118.390682][ T7659] RIP: 0023:0xf7f23579 [ 118.390689][ T7659] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 118.390698][ T7659] RSP: 002b:00000000f504655c EFLAGS: 00000296 ORIG_RAX: 0000000000000003 [ 118.390707][ T7659] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000080000400 [ 118.390712][ T7659] RDX: 0000000000002020 RSI: 0000000000000000 RDI: 0000000000000000 [ 118.390717][ T7659] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 118.390722][ T7659] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 118.390726][ T7659] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 118.390737][ T7659] [ 118.461222][ T7664] netlink: 'syz.1.493': attribute type 1 has an invalid length. [ 118.705193][ T833] usb 6-1: new high-speed USB device number 3 using dummy_hcd [ 118.855179][ T833] usb 6-1: Using ep0 maxpacket: 16 [ 118.861303][ T833] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 118.864566][ T833] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 118.867910][ T833] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 118.871622][ T833] usb 6-1: New USB device found, idVendor=0955, idProduct=7214, bcdDevice=ed.00 [ 118.875190][ T833] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 118.878667][ T833] usb 6-1: config 0 descriptor?? [ 119.166215][ T1016] tipc: Node number set to 2130706433 [ 119.283435][ T7688] sch_tbf: burst 32855 is lower than device lo mtu (65550) ! [ 119.290646][ T7664] loop6: detected capacity change from 0 to 524287999 [ 119.296380][ C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 119.299967][ C0] Buffer I/O error on dev loop6, logical block 0, async page read [ 119.303988][ C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 119.307659][ C0] Buffer I/O error on dev loop6, logical block 0, async page read [ 119.311849][ C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 119.315343][ C0] Buffer I/O error on dev loop6, logical block 0, async page read [ 119.318557][ C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 119.321952][ C0] Buffer I/O error on dev loop6, logical block 0, async page read [ 119.325548][ C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 119.329116][ C1] Buffer I/O error on dev loop6, logical block 0, async page read [ 119.332343][ C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 119.335870][ C0] Buffer I/O error on dev loop6, logical block 0, async page read [ 119.339141][ C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 119.342588][ C0] Buffer I/O error on dev loop6, logical block 0, async page read [ 119.345814][ C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 119.349228][ C0] Buffer I/O error on dev loop6, logical block 0, async page read [ 119.354352][ T7664] ldm_validate_partition_table(): Disk read failed. [ 119.357446][ C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 119.361006][ C1] Buffer I/O error on dev loop6, logical block 0, async page read [ 119.417861][ C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 119.421289][ C0] Buffer I/O error on dev loop6, logical block 0, async page read [ 119.424543][ T7664] Dev loop6: unable to read RDB block 0 [ 119.428207][ T7664] loop6: unable to read partition table [ 119.430500][ T7664] loop_reread_partitions: partition scan of loop6 (3Ÿ ¾x³˜CÖ) failed (rc=-5) [ 119.432385][ T833] usbhid 6-1:0.0: can't add hid device: -71 [ 119.436098][ T833] usbhid 6-1:0.0: probe with driver usbhid failed with error -71 [ 119.444369][ T833] usb 6-1: USB disconnect, device number 3 [ 119.789812][ C0] vcan0: j1939_tp_rxtimer: 0xffff88804b8e7000: rx timeout, send abort [ 119.794056][ C0] vcan0: j1939_xtp_rx_abort_one: 0xffff88804b8e7000: 0x00000: (3) A timeout occurred and this is the connection abort to close the session. [ 119.799261][ C0] vxcan1: j1939_tp_rxtimer: 0xffff88804b8e6800: rx timeout, send abort [ 120.301709][ C0] vxcan1: j1939_tp_rxtimer: 0xffff88804b8e6800: abort rx timeout. Force session deactivation [ 120.995859][ T834] e1000: eth0 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: None [ 121.057310][ T7716] netlink: 92 bytes leftover after parsing attributes in process `syz.1.508'. [ 121.094133][ T7718] team0: Device gtp0 is of different type [ 121.195331][ T35] vhci_hcd: vhci_device speed not set [ 121.256423][ T7714] netlink: 44 bytes leftover after parsing attributes in process `syz.0.507'. [ 121.275033][ T7723] netlink: 20 bytes leftover after parsing attributes in process `syz.2.511'. [ 121.291750][ T7724] sch_tbf: burst 32855 is lower than device lo mtu (65550) ! [ 121.347774][ T7725] syz1: rxe_newlink: already configured on ipvlan0 [ 122.146065][ T7750] netlink: 92 bytes leftover after parsing attributes in process `syz.2.518'. [ 122.177152][ T7752] capability: warning: `syz.2.519' uses 32-bit capabilities (legacy support in use) [ 122.227842][ T7754] trusted_key: syz.3.520 sent an empty control message without MSG_MORE. [ 122.365789][ T1016] usb 6-1: new high-speed USB device number 4 using dummy_hcd [ 122.399061][ T7771] sch_tbf: burst 32855 is lower than device lo mtu (65550) ! [ 122.565211][ T1016] usb 6-1: Using ep0 maxpacket: 16 [ 122.568089][ T1016] usb 6-1: config 0 has an invalid interface number: 132 but max is 0 [ 122.570488][ T1016] usb 6-1: config 0 has no interface number 0 [ 122.573732][ T1016] usb 6-1: New USB device found, idVendor=05ac, idProduct=0291, bcdDevice=43.25 [ 122.576754][ T1016] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 122.579174][ T1016] usb 6-1: Product: syz [ 122.580496][ T1016] usb 6-1: Manufacturer: syz [ 122.582399][ T1016] usb 6-1: SerialNumber: syz [ 122.585734][ T1016] usb 6-1: config 0 descriptor?? [ 122.588529][ T1016] hub 6-1:0.132: bad descriptor, ignoring hub [ 122.625229][ T1016] hub 6-1:0.132: probe with driver hub failed with error -5 [ 122.631815][ T1016] input: bcm5974 as /devices/platform/dummy_hcd.1/usb6/6-1/6-1:0.132/input/input15 [ 123.211599][ T7780] netlink: 20 bytes leftover after parsing attributes in process `syz.2.526'. [ 123.225868][ T7782] netlink: 92 bytes leftover after parsing attributes in process `syz.3.527'. [ 123.263786][ T1451] usb 6-1: USB disconnect, device number 4 [ 123.274003][ T7786] syz1: rxe_newlink: already configured on ipvlan0 [ 123.518309][ T7791] netlink: 12 bytes leftover after parsing attributes in process `syz.0.525'. [ 123.660105][ T7796] bridge0: port 1(bridge_slave_0) entered disabled state [ 123.663950][ T7796] bridge0: port 2(bridge_slave_1) entered disabled state [ 123.913834][ T7799] netlink: 'syz.1.532': attribute type 1 has an invalid length. [ 123.922417][ T7799] netlink: 4 bytes leftover after parsing attributes in process `syz.1.532'. usb_generic_handle_packet: ctrl buffer too small (16384 > 4096) [ 125.289720][ T7829] evm: overlay not supported usb_generic_handle_packet: ctrl buffer too small (16384 > 4096) [ 126.711331][ T7854] netlink: 92 bytes leftover after parsing attributes in process `syz.0.550'. [ 127.343805][ T7866] futex_wake_op: syz.2.554 tries to shift op by -1; fix this program [ 127.497027][ T7870] 9pnet_virtio: no channels available for device [ 127.558018][ T7872] netlink: 28 bytes leftover after parsing attributes in process `syz.2.557'. [ 127.826715][ T7882] openvswitch: netlink: IP tunnel attribute has 4 unknown bytes. [ 128.032526][ T7891] netlink: 4 bytes leftover after parsing attributes in process `syz.1.562'. usb_generic_handle_packet: ctrl buffer too small (16384 > 4096) [ 128.161432][ T7897] FAULT_INJECTION: forcing a failure. [ 128.161432][ T7897] name failslab, interval 1, probability 0, space 0, times 0 [ 128.165686][ T7897] CPU: 1 UID: 0 PID: 7897 Comm: syz.3.565 Not tainted 6.14.0-rc1-syzkaller-00081-gbb066fe812d6 #0 [ 128.165699][ T7897] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 128.165705][ T7897] Call Trace: [ 128.165708][ T7897] [ 128.165712][ T7897] dump_stack_lvl+0x16c/0x1f0 [ 128.165742][ T7897] should_fail_ex+0x50a/0x650 [ 128.165759][ T7897] ? fs_reclaim_acquire+0xae/0x150 [ 128.165780][ T7897] should_failslab+0xc2/0x120 [ 128.165793][ T7897] __kmalloc_noprof+0xce/0x4f0 [ 128.165804][ T7897] ? __pfx_perf_event_init_task+0x10/0x10 [ 128.165816][ T7897] ? lsm_blob_alloc+0x68/0x90 [ 128.165829][ T7897] ? __pfx_audit_alloc+0x10/0x10 [ 128.165844][ T7897] lsm_blob_alloc+0x68/0x90 [ 128.165857][ T7897] security_task_alloc+0x2d/0x260 [ 128.165869][ T7897] copy_process+0x211f/0x6f20 [ 128.165889][ T7897] ? __pfx_copy_process+0x10/0x10 [ 128.165904][ T7897] ? lockdep_init_map_type+0x16d/0x7d0 [ 128.165916][ T7897] ? __raw_spin_lock_init+0x3a/0x110 [ 128.165930][ T7897] ? __pfx_kvm_nx_huge_page_recovery_worker_kill+0x10/0x10 [ 128.165944][ T7897] ? __pfx_kvm_nx_huge_page_recovery_worker+0x10/0x10 [ 128.165960][ T7897] vhost_task_create+0x1bd/0x2b0 [ 128.165970][ T7897] ? __pfx_vhost_task_create+0x10/0x10 [ 128.165983][ T7897] ? __pfx_vhost_task_fn+0x10/0x10 [ 128.165998][ T7897] kvm_mmu_post_init_vm+0x273/0x380 [ 128.166011][ T7897] kvm_arch_vcpu_ioctl_run+0x66/0x17f0 [ 128.166021][ T7897] ? lock_acquire+0x2f/0xb0 [ 128.166031][ T7897] ? kvm_vcpu_ioctl+0x14be/0x16b0 [ 128.166044][ T7897] kvm_vcpu_ioctl+0x5ea/0x16b0 [ 128.166056][ T7897] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 128.166067][ T7897] ? tomoyo_path_number_perm+0x190/0x5b0 [ 128.166078][ T7897] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 128.166087][ T7897] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 128.166105][ T7897] ? do_vfs_ioctl+0x513/0x1950 [ 128.166120][ T7897] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 128.166141][ T7897] ? __pfx_lock_release+0x10/0x10 [ 128.166152][ T7897] ? trace_lock_acquire+0x14e/0x1f0 [ 128.166162][ T7897] kvm_vcpu_compat_ioctl+0x210/0x3d0 [ 128.166173][ T7897] ? __pfx_kvm_vcpu_compat_ioctl+0x10/0x10 [ 128.166185][ T7897] ? __fget_files+0x206/0x3a0 [ 128.166198][ T7897] ? __pfx_kvm_vcpu_compat_ioctl+0x10/0x10 [ 128.166210][ T7897] __do_compat_sys_ioctl+0x1cb/0x2c0 [ 128.166224][ T7897] __do_fast_syscall_32+0x73/0x120 [ 128.166234][ T7897] do_fast_syscall_32+0x32/0x80 [ 128.166243][ T7897] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 128.166258][ T7897] RIP: 0023:0xf7fb4579 [ 128.166267][ T7897] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 128.166276][ T7897] RSP: 002b:00000000f50d655c EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 128.166285][ T7897] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 000000000000ae80 [ 128.166291][ T7897] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 128.166296][ T7897] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 128.166301][ T7897] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 128.166306][ T7897] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 128.166317][ T7897] [ 128.280702][ C1] vkms_vblank_simulate: vblank timer overrun [ 128.618417][ T7908] FAULT_INJECTION: forcing a failure. [ 128.618417][ T7908] name failslab, interval 1, probability 0, space 0, times 0 [ 128.622233][ T7908] CPU: 1 UID: 0 PID: 7908 Comm: syz.2.568 Not tainted 6.14.0-rc1-syzkaller-00081-gbb066fe812d6 #0 [ 128.622246][ T7908] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 128.622253][ T7908] Call Trace: [ 128.622256][ T7908] [ 128.622260][ T7908] dump_stack_lvl+0x16c/0x1f0 [ 128.622280][ T7908] should_fail_ex+0x50a/0x650 [ 128.622292][ T7908] ? fs_reclaim_acquire+0xae/0x150 [ 128.622309][ T7908] should_failslab+0xc2/0x120 [ 128.622322][ T7908] __kmalloc_noprof+0xce/0x4f0 [ 128.622333][ T7908] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 128.622345][ T7908] ? tomoyo_realpath_from_path+0xbf/0x710 [ 128.622359][ T7908] tomoyo_realpath_from_path+0xbf/0x710 [ 128.622372][ T7908] ? tomoyo_path_number_perm+0x235/0x5b0 [ 128.622384][ T7908] tomoyo_path_number_perm+0x248/0x5b0 [ 128.622393][ T7908] ? tomoyo_path_number_perm+0x235/0x5b0 [ 128.622403][ T7908] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 128.622424][ T7908] ? __pfx_lock_release+0x10/0x10 [ 128.622434][ T7908] ? trace_lock_acquire+0x14e/0x1f0 [ 128.622444][ T7908] ? lock_acquire+0x2f/0xb0 [ 128.622454][ T7908] ? __fget_files+0x40/0x3a0 [ 128.622466][ T7908] ? __fget_files+0x206/0x3a0 [ 128.622477][ T7908] security_file_ioctl_compat+0x9b/0x240 [ 128.622489][ T7908] __do_compat_sys_ioctl+0x4e/0x2c0 [ 128.622506][ T7908] __do_fast_syscall_32+0x73/0x120 [ 128.622515][ T7908] do_fast_syscall_32+0x32/0x80 [ 128.622524][ T7908] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 128.622540][ T7908] RIP: 0023:0xf73ee579 [ 128.622548][ T7908] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 128.622557][ T7908] RSP: 002b:00000000f507655c EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 128.622566][ T7908] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000c00464c9 [ 128.622571][ T7908] RDX: 0000000080000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 128.622577][ T7908] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 128.622582][ T7908] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 128.622587][ T7908] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 128.622598][ T7908] [ 128.622602][ T7908] ERROR: Out of memory at tomoyo_realpath_from_path. [ 128.956362][ T7915] 9pnet_virtio: no channels available for device [ 128.962802][ T7916] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 129.240163][ T7923] netlink: 16 bytes leftover after parsing attributes in process `syz.3.573'. [ 129.340695][ T7930] netlink: 'syz.1.572': attribute type 10 has an invalid length. [ 129.363002][ T7930] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 129.381701][ T7930] team0: Port device batadv0 added [ 129.673726][ T7935] hsr0: entered promiscuous mode [ 129.676488][ T7935] netlink: 4 bytes leftover after parsing attributes in process `syz.2.576'. [ 129.689809][ T7935] hsr_slave_0: left promiscuous mode [ 129.692921][ T7935] hsr_slave_1: left promiscuous mode [ 129.703878][ T7935] hsr0 (unregistering): left promiscuous mode [ 129.708268][ T7936] sch_tbf: burst 32855 is lower than device lo mtu (65550) ! [ 130.071615][ T7942] 8021q: adding VLAN 0 to HW filter on device bond1 [ 131.345599][ T7971] FAULT_INJECTION: forcing a failure. [ 131.345599][ T7971] name failslab, interval 1, probability 0, space 0, times 0 [ 131.352281][ T7971] CPU: 2 UID: 0 PID: 7971 Comm: syz.3.585 Not tainted 6.14.0-rc1-syzkaller-00081-gbb066fe812d6 #0 [ 131.352296][ T7971] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 131.352302][ T7971] Call Trace: [ 131.352305][ T7971] [ 131.352309][ T7971] dump_stack_lvl+0x16c/0x1f0 [ 131.352343][ T7971] should_fail_ex+0x50a/0x650 [ 131.352357][ T7971] ? fs_reclaim_acquire+0xae/0x150 [ 131.352372][ T7971] ? syslog_print_all+0xec/0x3f0 [ 131.352383][ T7971] should_failslab+0xc2/0x120 [ 131.352396][ T7971] __kmalloc_cache_noprof+0x68/0x420 [ 131.352406][ T7971] ? find_held_lock+0x2d/0x110 [ 131.352422][ T7971] syslog_print_all+0xec/0x3f0 [ 131.352432][ T7971] ? find_held_lock+0x2d/0x110 [ 131.352447][ T7971] ? __pfx_syslog_print_all+0x10/0x10 [ 131.352457][ T7971] ? ksys_write+0x191/0x250 [ 131.352468][ T7971] ? rcu_is_watching+0x12/0xc0 [ 131.352486][ T7971] ? bpf_lsm_capable+0x9/0x10 [ 131.352498][ T7971] ? security_capable+0x7e/0x260 [ 131.352514][ T7971] do_syslog+0x326/0x6c0 [ 131.352527][ T7971] ? __pfx_do_syslog+0x10/0x10 [ 131.352539][ T7971] ? __fget_files+0x206/0x3a0 [ 131.352552][ T7971] ? ksys_write+0x1ba/0x250 [ 131.352561][ T7971] ? __pfx_ksys_write+0x10/0x10 [ 131.352572][ T7971] __ia32_sys_syslog+0x73/0xb0 [ 131.352585][ T7971] ? syscall_enter_from_user_mode_prepare+0x68/0xe0 [ 131.352600][ T7971] __do_fast_syscall_32+0x73/0x120 [ 131.352610][ T7971] do_fast_syscall_32+0x32/0x80 [ 131.352630][ T7971] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 131.352645][ T7971] RIP: 0023:0xf7fb4579 [ 131.352653][ T7971] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 131.352662][ T7971] RSP: 002b:00000000f50d655c EFLAGS: 00000296 ORIG_RAX: 0000000000000067 [ 131.352671][ T7971] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000800001c0 [ 131.352677][ T7971] RDX: 0000000000000048 RSI: 0000000000000000 RDI: 0000000000000000 [ 131.352682][ T7971] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 131.352687][ T7971] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 131.352692][ T7971] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 131.352703][ T7971] [ 131.666983][ T7973] process 'syz.3.586' launched './file2' with NULL argv: empty string added [ 132.247689][ T1416] ieee802154 phy0 wpan0: encryption failed: -22 [ 132.250298][ T1416] ieee802154 phy1 wpan1: encryption failed: -22 [ 132.504790][ T7994] netlink: 12 bytes leftover after parsing attributes in process `syz.2.589'. [ 133.178878][ T8010] FAULT_INJECTION: forcing a failure. [ 133.178878][ T8010] name failslab, interval 1, probability 0, space 0, times 0 [ 133.182592][ T8010] CPU: 3 UID: 0 PID: 8010 Comm: syz.1.594 Not tainted 6.14.0-rc1-syzkaller-00081-gbb066fe812d6 #0 [ 133.182606][ T8010] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 133.182612][ T8010] Call Trace: [ 133.182615][ T8010] [ 133.182619][ T8010] dump_stack_lvl+0x16c/0x1f0 [ 133.182637][ T8010] should_fail_ex+0x50a/0x650 [ 133.182652][ T8010] should_failslab+0xc2/0x120 [ 133.182664][ T8010] kmem_cache_alloc_node_noprof+0x72/0x3b0 [ 133.182675][ T8010] ? lockdep_hardirqs_on+0x7c/0x110 [ 133.182689][ T8010] ? __alloc_skb+0x2b3/0x380 [ 133.182700][ T8010] __alloc_skb+0x2b3/0x380 [ 133.182709][ T8010] ? __pfx___alloc_skb+0x10/0x10 [ 133.182717][ T8010] ? rt6_nlmsg_size+0xb0/0x450 [ 133.182726][ T8010] ? __pfx_rt6_nh_age_exceptions+0x10/0x10 [ 133.182736][ T8010] ? notifier_call_chain+0x36c/0x410 [ 133.182751][ T8010] ? __pfx_nsim_fib_event_nb+0x10/0x10 [ 133.182764][ T8010] inet6_rt_notify+0xc7/0x260 [ 133.182778][ T8010] fib6_add+0x371d/0x4b20 [ 133.182798][ T8010] ? __pfx_fib6_add+0x10/0x10 [ 133.182813][ T8010] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 133.182827][ T8010] ? lock_acquire+0x2f/0xb0 [ 133.182838][ T8010] ? ip6_route_add+0x7b/0x1c0 [ 133.182850][ T8010] ? ip6_route_add+0x8d/0x1c0 [ 133.182860][ T8010] ip6_route_add+0x8d/0x1c0 [ 133.182872][ T8010] inet6_rtm_newroute+0x164/0x170 [ 133.182884][ T8010] ? __pfx_inet6_rtm_newroute+0x10/0x10 [ 133.182934][ T8010] ? __pfx_inet6_rtm_newroute+0x10/0x10 [ 133.182952][ T8010] rtnetlink_rcv_msg+0x3c7/0xea0 [ 133.182963][ T8010] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 133.182972][ T8010] ? __pfx___dev_queue_xmit+0x10/0x10 [ 133.182990][ T8010] netlink_rcv_skb+0x165/0x410 [ 133.183004][ T8010] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 133.183014][ T8010] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 133.183033][ T8010] ? netlink_deliver_tap+0x1ae/0xca0 [ 133.183048][ T8010] netlink_unicast+0x53c/0x7f0 [ 133.183063][ T8010] ? __pfx_netlink_unicast+0x10/0x10 [ 133.183076][ T8010] ? __phys_addr_symbol+0x30/0x80 [ 133.183097][ T8010] ? __check_object_size+0x488/0x710 [ 133.183110][ T8010] netlink_sendmsg+0x8b8/0xd70 [ 133.183125][ T8010] ? __pfx_netlink_sendmsg+0x10/0x10 [ 133.183143][ T8010] ____sys_sendmsg+0x9ae/0xb40 [ 133.183157][ T8010] ? __pfx_____sys_sendmsg+0x10/0x10 [ 133.183169][ T8010] ? get_compat_msghdr+0x11b/0x170 [ 133.183186][ T8010] ___sys_sendmsg+0x135/0x1e0 [ 133.183197][ T8010] ? __pfx____sys_sendmsg+0x10/0x10 [ 133.183211][ T8010] ? __pfx_lock_release+0x10/0x10 [ 133.183222][ T8010] ? trace_lock_acquire+0x14e/0x1f0 [ 133.183235][ T8010] ? __fget_files+0x206/0x3a0 [ 133.183249][ T8010] __sys_sendmsg+0x16e/0x220 [ 133.183259][ T8010] ? __pfx___sys_sendmsg+0x10/0x10 [ 133.183276][ T8010] __do_fast_syscall_32+0x73/0x120 [ 133.183286][ T8010] do_fast_syscall_32+0x32/0x80 [ 133.183294][ T8010] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 133.183309][ T8010] RIP: 0023:0xf7f40579 [ 133.183318][ T8010] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 133.183327][ T8010] RSP: 002b:00000000f506655c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 133.183336][ T8010] RAX: ffffffffffffffda RBX: 000000000000000b RCX: 00000000800004c0 [ 133.183342][ T8010] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 133.183347][ T8010] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 133.183351][ T8010] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 133.183356][ T8010] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 133.183367][ T8010] [ 133.559750][ T8021] block nbd2: shutting down sockets [ 133.567154][ T8025] sch_tbf: burst 32855 is lower than device lo mtu (65550) ! [ 133.764359][ T8028] netlink: 28 bytes leftover after parsing attributes in process `syz.2.599'. [ 134.213830][ T8034] netlink: 20 bytes leftover after parsing attributes in process `syz.0.600'. [ 134.364471][ T8036] rdma_rxe: rxe_newlink: failed to add ipvlan0 [ 135.280317][ T8059] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(4) [ 135.282396][ T8059] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 135.284870][ T8059] vhci_hcd vhci_hcd.0: Device attached [ 135.526157][ T35] usb 41-1: new low-speed USB device number 2 using vhci_hcd [ 135.555325][ T834] usb 7-1: new high-speed USB device number 8 using dummy_hcd [ 135.582611][ T8064] FAULT_INJECTION: forcing a failure. [ 135.582611][ T8064] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 135.587844][ T8064] CPU: 3 UID: 0 PID: 8064 Comm: syz.1.607 Not tainted 6.14.0-rc1-syzkaller-00081-gbb066fe812d6 #0 [ 135.587909][ T8064] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 135.587916][ T8064] Call Trace: [ 135.587919][ T8064] [ 135.587923][ T8064] dump_stack_lvl+0x16c/0x1f0 [ 135.587943][ T8064] should_fail_ex+0x50a/0x650 [ 135.587956][ T8064] _copy_from_user+0x2e/0xd0 [ 135.587980][ T8064] cmsghdr_from_user_compat_to_kern+0x4f0/0x7c0 [ 135.587997][ T8064] ? __pfx_cmsghdr_from_user_compat_to_kern+0x10/0x10 [ 135.588014][ T8064] ____sys_sendmsg+0x43d/0xb40 [ 135.588027][ T8064] ? __pfx_____sys_sendmsg+0x10/0x10 [ 135.588039][ T8064] ? get_compat_msghdr+0x11b/0x170 [ 135.588056][ T8064] ___sys_sendmsg+0x135/0x1e0 [ 135.588066][ T8064] ? __pfx____sys_sendmsg+0x10/0x10 [ 135.588080][ T8064] ? trace_lock_acquire+0x14e/0x1f0 [ 135.588098][ T8064] __sys_sendmmsg+0x2fa/0x420 [ 135.588109][ T8064] ? __pfx___sys_sendmmsg+0x10/0x10 [ 135.588122][ T8064] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 135.588142][ T8064] ? fput+0x67/0x440 [ 135.588154][ T8064] ? ksys_write+0x1ba/0x250 [ 135.588163][ T8064] ? __pfx_ksys_write+0x10/0x10 [ 135.588174][ T8064] __ia32_compat_sys_sendmmsg+0x9d/0x100 [ 135.588187][ T8064] ? syscall_enter_from_user_mode_prepare+0x68/0xe0 [ 135.588202][ T8064] __do_fast_syscall_32+0x73/0x120 [ 135.588212][ T8064] do_fast_syscall_32+0x32/0x80 [ 135.588221][ T8064] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 135.588236][ T8064] RIP: 0023:0xf7f40579 [ 135.588244][ T8064] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 135.588254][ T8064] RSP: 002b:00000000f506655c EFLAGS: 00000296 ORIG_RAX: 0000000000000159 [ 135.588263][ T8064] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000080003340 [ 135.588269][ T8064] RDX: 0000000000000001 RSI: 00000000000007e7 RDI: 0000000000000000 [ 135.588274][ T8064] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 135.588279][ T8064] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 135.588285][ T8064] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 135.588295][ T8064] [ 135.705494][ T834] usb 7-1: device descriptor read/64, error -71 [ 135.744995][ T8082] netlink: 20 bytes leftover after parsing attributes in process `syz.1.613'. [ 135.762281][ T8078] ================================================================== [ 135.765521][ T8078] BUG: KASAN: slab-use-after-free in skb_release_data+0x101/0x730 [ 135.768251][ T8078] Read of size 4 at addr ffff888012e87760 by task syz.3.612/8078 [ 135.772197][ T8078] [ 135.773422][ T8078] CPU: 1 UID: 0 PID: 8078 Comm: syz.3.612 Not tainted 6.14.0-rc1-syzkaller-00081-gbb066fe812d6 #0 [ 135.773439][ T8078] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 135.773451][ T8078] Call Trace: [ 135.773457][ T8078] [ 135.773465][ T8078] dump_stack_lvl+0x116/0x1f0 [ 135.773494][ T8078] print_report+0xc3/0x620 [ 135.773515][ T8078] ? __virt_addr_valid+0x5e/0x590 [ 135.773531][ T8078] ? __phys_addr+0xc6/0x150 [ 135.773547][ T8078] kasan_report+0xd9/0x110 [ 135.773565][ T8078] ? skb_release_data+0x101/0x730 [ 135.773582][ T8078] ? skb_release_data+0x101/0x730 [ 135.773601][ T8078] kasan_check_range+0xef/0x1a0 [ 135.773625][ T8078] skb_release_data+0x101/0x730 [ 135.773639][ T8078] ? skb_queue_purge_reason+0x2ab/0x410 [ 135.773658][ T8078] ? __pfx_sock_rfree+0x10/0x10 [ 135.773675][ T8078] sk_skb_reason_drop+0x129/0x1a0 [ 135.773691][ T8078] skb_queue_purge_reason+0x2ab/0x410 [ 135.773708][ T8078] ? find_held_lock+0x2d/0x110 [ 135.773729][ T8078] ? __pfx_skb_queue_purge_reason+0x10/0x10 [ 135.773748][ T8078] ? mark_held_locks+0x9f/0xe0 [ 135.773766][ T8078] packet_release+0x82c/0xd90 [ 135.773783][ T8078] ? __pfx_packet_release+0x10/0x10 [ 135.773797][ T8078] ? __pfx_down_write+0x10/0x10 [ 135.773814][ T8078] __sock_release+0xb0/0x270 [ 135.773829][ T8078] ? __pfx_sock_close+0x10/0x10 [ 135.773843][ T8078] sock_close+0x1c/0x30 [ 135.773856][ T8078] __fput+0x3ff/0xb70 [ 135.773874][ T8078] ? _raw_spin_unlock_irq+0x23/0x50 [ 135.773893][ T8078] task_work_run+0x14e/0x250 [ 135.773909][ T8078] ? __pfx_task_work_run+0x10/0x10 [ 135.773927][ T8078] ? do_raw_spin_unlock+0x172/0x230 [ 135.773950][ T8078] do_exit+0xad8/0x2d70 [ 135.773964][ T8078] ? get_signal+0x8f7/0x2610 [ 135.773983][ T8078] ? __pfx_do_exit+0x10/0x10 [ 135.773994][ T8078] ? do_raw_spin_lock+0x12d/0x2c0 [ 135.774023][ T8078] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 135.774047][ T8078] do_group_exit+0xd3/0x2a0 [ 135.774062][ T8078] get_signal+0x2576/0x2610 [ 135.774086][ T8078] ? __pfx_get_signal+0x10/0x10 [ 135.774108][ T8078] arch_do_signal_or_restart+0x90/0x7e0 [ 135.774126][ T8078] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 135.774146][ T8078] syscall_exit_to_user_mode+0x150/0x2a0 [ 135.774170][ T8078] __do_fast_syscall_32+0x80/0x120 [ 135.774185][ T8078] do_fast_syscall_32+0x32/0x80 [ 135.774199][ T8078] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 135.774224][ T8078] RIP: 0023:0xf7fb4579 [ 135.774235][ T8078] Code: Unable to access opcode bytes at 0xf7fb454f. [ 135.774241][ T8078] RSP: 002b:00000000f50d655c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 135.774253][ T8078] RAX: 0000000000000068 RBX: 0000000000000005 RCX: 0000000080000000 [ 135.774262][ T8078] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 135.774271][ T8078] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 135.774279][ T8078] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000 [ 135.774287][ T8078] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 135.774300][ T8078] [ 135.774305][ T8078] [ 135.853258][ T8085] rdma_rxe: rxe_newlink: failed to add ipvlan0 [ 135.853362][ T8078] Allocated by task 8079: [ 135.853372][ T8078] kasan_save_stack+0x33/0x60 [ 135.872208][ T8078] kasan_save_track+0x14/0x30 [ 135.873575][ T8078] __kasan_slab_alloc+0x89/0x90 [ 135.874913][ T8078] kmem_cache_alloc_node_noprof+0x1ca/0x3b0 [ 135.876528][ T8078] kmalloc_reserve+0x18b/0x2c0 [ 135.878090][ T8078] __alloc_skb+0x164/0x380 [ 135.879857][ T8078] alloc_skb_with_frags+0xe4/0x850 [ 135.881860][ T8078] sock_alloc_send_pskb+0x7f1/0x980 [ 135.883981][ T8078] packet_sendmsg+0x1fd3/0x56c0 [ 135.885993][ T8078] __sys_sendto+0x488/0x4f0 [ 135.887824][ T8078] __ia32_sys_sendto+0xdd/0x1b0 [ 135.889749][ T8078] __do_fast_syscall_32+0x73/0x120 [ 135.891779][ T8078] do_fast_syscall_32+0x32/0x80 [ 135.893733][ T8078] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 135.896218][ T8078] [ 135.897175][ T8078] Freed by task 8078: [ 135.898710][ T8078] kasan_save_stack+0x33/0x60 [ 135.900546][ T8078] kasan_save_track+0x14/0x30 [ 135.902399][ T8078] kasan_save_free_info+0x3b/0x60 [ 135.904344][ T8078] __kasan_slab_free+0x51/0x70 [ 135.906133][ T8078] kmem_cache_free+0x2e2/0x4d0 [ 135.908005][ T8078] skb_free_head+0x18a/0x1d0 [ 135.909794][ T8078] skb_release_data+0x560/0x730 [ 135.911702][ T8078] sk_skb_reason_drop+0x129/0x1a0 [ 135.913695][ T8078] skb_queue_purge_reason+0x2ab/0x410 [ 135.915856][ T8078] packet_release+0x82c/0xd90 [ 135.917699][ T8078] __sock_release+0xb0/0x270 [ 135.919492][ T8078] sock_close+0x1c/0x30 [ 135.921136][ T8078] __fput+0x3ff/0xb70 [ 135.922721][ T8078] task_work_run+0x14e/0x250 [ 135.924248][ T8078] do_exit+0xad8/0x2d70 [ 135.925428][ T8078] do_group_exit+0xd3/0x2a0 [ 135.926736][ T8078] get_signal+0x2576/0x2610 [ 135.928391][ T8078] arch_do_signal_or_restart+0x90/0x7e0 [ 135.930129][ T8078] syscall_exit_to_user_mode+0x150/0x2a0 [ 135.932349][ T8078] __do_fast_syscall_32+0x80/0x120 [ 135.933954][ T8078] do_fast_syscall_32+0x32/0x80 [ 135.935358][ T8078] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 135.937240][ T8078] [ 135.938201][ T8078] The buggy address belongs to the object at ffff888012e87600 [ 135.938201][ T8078] which belongs to the cache skbuff_small_head of size 640 [ 135.942584][ T8078] The buggy address is located 352 bytes inside of [ 135.942584][ T8078] freed 640-byte region [ffff888012e87600, ffff888012e87880) [ 135.946397][ T8078] [ 135.947043][ T8078] The buggy address belongs to the physical page: [ 135.948985][ T8078] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x12e84 [ 135.951467][ T8078] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 135.953862][ T8078] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 135.956010][ T8078] page_type: f5(slab) [ 135.957164][ T8078] raw: 00fff00000000040 ffff888041ae2b40 ffffea00009b4b00 dead000000000002 [ 135.960067][ T8078] raw: 0000000000000000 0000000000150015 00000000f5000000 0000000000000000 [ 135.963436][ T8078] head: 00fff00000000040 ffff888041ae2b40 ffffea00009b4b00 dead000000000002 [ 135.966781][ T8078] head: 0000000000000000 0000000000150015 00000000f5000000 0000000000000000 [ 135.970222][ T8078] head: 00fff00000000002 ffffea00004ba101 ffffffffffffffff 0000000000000000 [ 135.973723][ T8078] head: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000 [ 135.977113][ T8078] page dumped because: kasan: bad access detected [ 135.979577][ T8078] page_owner tracks the page as allocated [ 135.981656][ T8078] page last allocated via order 2, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5934, tgid 5934 (sshd), ts 118699710654, free_ts 118365485076 [ 135.989058][ T8078] post_alloc_hook+0x181/0x1b0 [ 135.990425][ T8078] get_page_from_freelist+0xfce/0x2f80 [ 135.991990][ T8078] __alloc_frozen_pages_noprof+0x221/0x2470 [ 135.993703][ T8078] alloc_pages_mpol+0x1fc/0x540 [ 135.995129][ T8078] new_slab+0x23d/0x330 [ 135.996288][ T8078] ___slab_alloc+0xbfa/0x1600 [ 135.997598][ T8078] __slab_alloc.constprop.0+0x56/0xb0 [ 135.999141][ T8078] kmem_cache_alloc_node_noprof+0xf2/0x3b0 [ 136.000797][ T8078] kmalloc_reserve+0x18b/0x2c0 [ 136.002174][ T8078] __alloc_skb+0x164/0x380 [ 136.003474][ T8078] tcp_stream_alloc_skb+0x34/0x570 [ 136.004936][ T8078] tcp_sendmsg_locked+0xf13/0x37c0 [ 136.006402][ T8078] tcp_sendmsg+0x2e/0x50 [ 136.007643][ T8078] inet_sendmsg+0xb9/0x140 [ 136.008942][ T8078] sock_write_iter+0x4ac/0x5b0 [ 136.010356][ T8078] vfs_write+0x5ae/0x1150 [ 136.011623][ T8078] page last free pid 16 tgid 16 stack trace: [ 136.013327][ T8078] free_frozen_pages+0x6db/0xfb0 [ 136.014746][ T8078] tlb_remove_table_rcu+0x116/0x1a0 [ 136.016236][ T8078] rcu_core+0x79d/0x14d0 [ 136.017417][ T8078] handle_softirqs+0x213/0x8f0 [ 136.018805][ T8078] run_ksoftirqd+0x3a/0x60 [ 136.020098][ T8078] smpboot_thread_fn+0x661/0xa30 [ 136.021583][ T8078] kthread+0x3af/0x750 [ 136.022783][ T8078] ret_from_fork+0x45/0x80 [ 136.024060][ T8078] ret_from_fork_asm+0x1a/0x30 [ 136.025387][ T8078] [ 136.026090][ T8078] Memory state around the buggy address: [ 136.027689][ T8078] ffff888012e87600: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 136.029959][ T8078] ffff888012e87680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 136.032239][ T8078] >ffff888012e87700: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 136.034528][ T8078] ^ [ 136.036561][ T8078] ffff888012e87780: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 136.038824][ T8078] ffff888012e87800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 136.041084][ T8078] ================================================================== [ 136.044464][ T8078] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 136.046533][ T8078] CPU: 1 UID: 0 PID: 8078 Comm: syz.3.612 Not tainted 6.14.0-rc1-syzkaller-00081-gbb066fe812d6 #0 [ 136.049518][ T8078] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 136.052592][ T8078] Call Trace: [ 136.053554][ T8078] [ 136.054419][ T8078] dump_stack_lvl+0x3d/0x1f0 [ 136.055782][ T8078] panic+0x71d/0x800 [ 136.056915][ T8078] ? __pfx_panic+0x10/0x10 [ 136.058217][ T8078] ? preempt_schedule_thunk+0x1a/0x30 [ 136.059772][ T8078] ? preempt_schedule_common+0x44/0xc0 [ 136.061346][ T8078] ? check_panic_on_warn+0x1f/0xb0 [ 136.062829][ T8078] check_panic_on_warn+0xab/0xb0 [ 136.064209][ T8078] end_report+0x117/0x180 [ 136.065464][ T8078] kasan_report+0xe9/0x110 [ 136.066757][ T8078] ? skb_release_data+0x101/0x730 [ 136.068217][ T8078] ? skb_release_data+0x101/0x730 [ 136.069668][ T8078] kasan_check_range+0xef/0x1a0 [ 136.071085][ T8078] skb_release_data+0x101/0x730 [ 136.072510][ T8078] ? skb_queue_purge_reason+0x2ab/0x410 [ 136.074099][ T8078] ? __pfx_sock_rfree+0x10/0x10 [ 136.075505][ T8078] sk_skb_reason_drop+0x129/0x1a0 [ 136.076952][ T8078] skb_queue_purge_reason+0x2ab/0x410 [ 136.078494][ T8078] ? find_held_lock+0x2d/0x110 [ 136.079878][ T8078] ? __pfx_skb_queue_purge_reason+0x10/0x10 [ 136.081570][ T8078] ? mark_held_locks+0x9f/0xe0 [ 136.082930][ T8078] packet_release+0x82c/0xd90 [ 136.084291][ T8078] ? __pfx_packet_release+0x10/0x10 [ 136.085786][ T8078] ? __pfx_down_write+0x10/0x10 [ 136.087230][ T8078] __sock_release+0xb0/0x270 [ 136.088582][ T8078] ? __pfx_sock_close+0x10/0x10 [ 136.089986][ T8078] sock_close+0x1c/0x30 [ 136.091203][ T8078] __fput+0x3ff/0xb70 [ 136.092355][ T8078] ? _raw_spin_unlock_irq+0x23/0x50 [ 136.093844][ T8078] task_work_run+0x14e/0x250 [ 136.095185][ T8078] ? __pfx_task_work_run+0x10/0x10 [ 136.096653][ T8078] ? do_raw_spin_unlock+0x172/0x230 [ 136.098157][ T8078] do_exit+0xad8/0x2d70 [ 136.099373][ T8078] ? get_signal+0x8f7/0x2610 [ 136.100712][ T8078] ? __pfx_do_exit+0x10/0x10 [ 136.102038][ T8078] ? do_raw_spin_lock+0x12d/0x2c0 [ 136.103519][ T8078] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 136.105059][ T8078] do_group_exit+0xd3/0x2a0 [ 136.106368][ T8078] get_signal+0x2576/0x2610 [ 136.107710][ T8078] ? __pfx_get_signal+0x10/0x10 [ 136.109128][ T8078] arch_do_signal_or_restart+0x90/0x7e0 [ 136.110709][ T8078] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 136.112438][ T8078] syscall_exit_to_user_mode+0x150/0x2a0 [ 136.114058][ T8078] __do_fast_syscall_32+0x80/0x120 [ 136.115560][ T8078] do_fast_syscall_32+0x32/0x80 [ 136.116980][ T8078] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 136.118801][ T8078] RIP: 0023:0xf7fb4579 [ 136.119991][ T8078] Code: Unable to access opcode bytes at 0xf7fb454f. [ 136.121890][ T8078] RSP: 002b:00000000f50d655c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 136.124284][ T8078] RAX: 0000000000000068 RBX: 0000000000000005 RCX: 0000000080000000 [ 136.126522][ T8078] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 136.128776][ T8078] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 136.131026][ T8078] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000 [ 136.133293][ T8078] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 136.135528][ T8078] [ 136.137066][ T8078] Kernel Offset: disabled [ 136.138318][ T8078] Rebooting in 86400 seconds.. VM DIAGNOSIS: 19:40:55 Registers: info registers vcpu 0 CPU#0 RAX=000000000039cb95 RBX=0000000000000000 RCX=ffffffff8b469e39 RDX=0000000000000000 RSI=ffffffff8b6ce5c0 RDI=ffffffff8bd2d220 RBP=fffffbfff1bd2ee8 RSP=ffffffff8de07e20 R8 =0000000000000001 R9 =ffffed1005686f85 R10=ffff88802b437c2b R11=0000000000000000 R12=0000000000000000 R13=ffffffff8de97740 R14=ffffffff905fd910 R15=0000000000000000 RIP=ffffffff8b46b21f RFL=00000206 [-----P-] CPL=0 II=0 A20=1 SMM=0 HLT=1 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff88802b400000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00000000f71e3410 CR3=0000000043f10000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000052 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 1 CPU#1 RAX=0000000000000079 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8 RSI=ffffffff85386e25 RDI=ffffffff9aad2e20 RBP=ffffffff9aad2de0 RSP=ffffc900207ef1f8 R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=20666f2064616552 R12=0000000000000000 R13=0000000000000079 R14=ffffffff9aad2de0 R15=0000000000000000 RIP=ffffffff85386e4f RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff88802b500000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=0000000000000000 CR3=0000000066254000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000052 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 2 CPU#2 RAX=0000000000000000 RBX=0000000000000009 RCX=ffffffff84c2ee9e RDX=ffff88802579c880 RSI=0000000000000008 RDI=0000000000000001 RBP=ffffc90003477450 RSP=ffffc900034771e0 R8 =0000000000000001 R9 =0000000000000008 R10=000000000000000f R11=0000000000000002 R12=000000000000000f R13=ffffc90003477298 R14=ffff888029239328 R15=ffffc90003477458 RIP=ffffffff81b8ecc0 RFL=00000202 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0000 0000000000000000 ffffffff 00c00000 DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 00007fc0c153cd00 ffffffff 00c00000 GS =0000 ffff88802b600000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000091000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe000008f000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=0000555d41152000 CR3=0000000049fa4000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000008082082 Opmask01=0000000000000000 Opmask02=00000000dfff7fff Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000001 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 2525252525252525 2525252525252525 2525252525252525 2525252525252525 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 554245440045534f 4252455600524f52 5245004c41544146 0054454955510029 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 554245440045534f 4252455600524f52 5245004c41544146 005445495551000c ZMM20=0000000000000000 0000000000000004 0000000000000000 0000000000000004 0000000000000000 0000000000000004 0000000000000000 0000000000000004 ZMM21=f46c92e6f46c92e6 f46c92e6f46c92e6 f46c92e6f46c92e6 f46c92e6f46c92e6 f46c92e6f46c92e6 f46c92e6f46c92e6 f46c92e6f46c92e6 f46c92e6f46c92e6 ZMM22=3812cf0b3812cf0b 3812cf0b3812cf0b 3812cf0b3812cf0b 3812cf0b3812cf0b 3812cf0b3812cf0b 3812cf0b3812cf0b 3812cf0b3812cf0b 3812cf0b3812cf0b ZMM23=bdebbefdbdebbefd bdebbefdbdebbefd bdebbefdbdebbefd bdebbefdbdebbefd bdebbefdbdebbefd bdebbefdbdebbefd bdebbefdbdebbefd bdebbefdbdebbefd ZMM24=9bb9731f9bb9731f 9bb9731f9bb9731f 9bb9731f9bb9731f 9bb9731f9bb9731f 9bb9731f9bb9731f 9bb9731f9bb9731f 9bb9731f9bb9731f 9bb9731f9bb9731f ZMM25=bb4df8cdbb4df8cd bb4df8cdbb4df8cd bb4df8cdbb4df8cd bb4df8cdbb4df8cd bb4df8cdbb4df8cd bb4df8cdbb4df8cd bb4df8cdbb4df8cd bb4df8cdbb4df8cd ZMM26=4e555e4a4e555e4a 4e555e4a4e555e4a 4e555e4a4e555e4a 4e555e4a4e555e4a 4e555e4a4e555e4a 4e555e4a4e555e4a 4e555e4a4e555e4a 4e555e4a4e555e4a ZMM27=86b36d5386b36d53 86b36d5386b36d53 86b36d5386b36d53 86b36d5386b36d53 86b36d5386b36d53 86b36d5386b36d53 86b36d5386b36d53 86b36d5386b36d53 ZMM28=000000100000000f 0000000e0000000d 0000000c0000000b 0000000a00000009 0000000800000007 0000000600000005 0000000400000003 0000000200000001 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=5309000053090000 5309000053090000 5309000053090000 5309000053090000 5309000053090000 5309000053090000 5309000053090000 5309000053090000 info registers vcpu 3 CPU#3 RAX=0000000000166549 RBX=0000000000000003 RCX=ffffffff8b469e39 RDX=0000000000000000 RSI=ffffffff8b6ce5c0 RDI=ffffffff8bd2d220 RBP=ffffed1003ad8488 RSP=ffffc9000049fe08 R8 =0000000000000001 R9 =ffffed10056e6f85 R10=ffff88802b737c2b R11=0000000000000000 R12=0000000000000003 R13=ffff88801d6c2440 R14=ffffffff905fd910 R15=0000000000000000 RIP=ffffffff8b46b21f RFL=00000202 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=1 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff88802b700000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe00000d8000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe00000d6000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=000000000c35f83b CR3=0000000000e42000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000052 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000