last executing test programs: 3.708392314s ago: executing program 0 (id=251): r0 = socket(0x10, 0x803, 0x0) getsockname$packet(r0, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000040)=0x8f) r2 = socket$nl_route(0x10, 0x3, 0x0) mkdir(0x0, 0x6d) mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./bus\x00', 0x0) mount$overlay(0x0, 0x0, 0x0, 0x0, 0x0) sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000002c0)=ANY=[@ANYBLOB="3c0000001000030400000006000000005dcc0300", @ANYRES32=r1, @ANYBLOB="71e79fd800000000140012800c0001006d616376746170001400028008000500", @ANYRES32=r2], 0x3c}}, 0x0) 3.657805147s ago: executing program 0 (id=253): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_TIMEOUT_NEW(r0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) getpid() r1 = msgget(0x2, 0x600) msgrcv(r1, 0xfffffffffffffffe, 0x0, 0x0, 0x1000) munmap(&(0x7f0000001000/0x3000)=nil, 0x3000) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) unshare(0x20040600) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=ANY=[@ANYBLOB="240000006800010009000000000000000a00000000000000080001000200000004000b"], 0x24}}, 0x0) r3 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f0000000080)={0xffffffffffffffff, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="24000000680001000000000000000000020000fffff00000080006000100000004000b"], 0x24}}, 0x0) 3.657517388s ago: executing program 1 (id=254): mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) (async) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) stat64(&(0x7f0000000140)='./file1\x00', &(0x7f0000000180)) 3.588790857s ago: executing program 1 (id=255): r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000001c0)=0x1) openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000480)='blkio.throttle.io_serviced\x00', 0x275a, 0x0) r2 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x0) r3 = dup2(r2, r1) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x200000b, 0x12, r1, 0x0) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0) connect$inet(r3, &(0x7f0000003f40)={0x2, 0x4e1f, @empty}, 0x10) sendmmsg$sock(0xffffffffffffffff, &(0x7f0000000a40)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000100)=[@txtime={{0x14, 0x1, 0x3d, 0x3}}], 0x14}}], 0x1, 0x20000844) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0) ioctl$KVM_RUN(r6, 0xae80, 0x0) ioctl$KVM_RUN(r6, 0xae80, 0x0) ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000140)={0x1, @pix_mp={0x0, 0x0, 0x34324152, 0x0, 0xa, [{}, {0x10}, {}, {0x0, 0x5}, {}, {}, {}, {0x0, 0x9}], 0x0, 0x0, 0x0, 0x0, 0x1}}) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r7 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r7, &(0x7f0000019680)=""/102392, 0x18ff8) r8 = eventfd2(0x0, 0x0) ioctl$KVM_IOEVENTFD(0xffffffffffffffff, 0x4040ae79, &(0x7f0000000900)={0x1000, 0x0, 0x1, r8, 0x1}) ioctl$KVM_IOEVENTFD(0xffffffffffffffff, 0x4040ae79, &(0x7f0000000080)={0x1000, 0x0, 0x1, r8, 0x1}) syz_open_dev$sndctrl(0x0, 0x0, 0x501840) ioctl$TIOCVHANGUP(r0, 0x5437, 0x0) 3.218342232s ago: executing program 3 (id=256): openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x80081, 0x1fb) write$P9_RUNLINKAT(0xffffffffffffffff, &(0x7f0000000840)={0x7, 0x4d, 0x103}, 0x7) syz_open_dev$tty20(0xc, 0x4, 0x0) r0 = socket$nl_rdma(0x10, 0x3, 0x14) socket$nl_xfrm(0x10, 0x3, 0x6) mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000280)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) add_key$user(0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, 0x0, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='sched_switch\x00', r4, 0x0, 0x3}, 0x18) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) write$binfmt_misc(0xffffffffffffffff, &(0x7f0000000000), 0xfffffecc) mount$9p_fd(0x0, &(0x7f0000000240)='./file0\x00', &(0x7f0000000300), 0x0, &(0x7f0000000340)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX, @ANYBLOB=',wfdno=', @ANYRESHEX=r2, @ANYBLOB="2c76657273696f6e3d39703230300000752c636163680f69e0d63d47504c002c6d61736b3d4d49595f415050454e442c6d613d4d41595f455845432c000000"]) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r5, 0x0, 0x0) fsconfig$FSCONFIG_SET_STRING(0xffffffffffffffff, 0x1, &(0x7f0000000000)='source', &(0x7f0000000040)='c:::\x00', 0x0) fsmount(0xffffffffffffffff, 0x0, 0x0) sendmsg$RDMA_NLDEV_CMD_NEWLINK(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000002c0)=ANY=[@ANYBLOB="38000000031401002cbd7000fcdbdf250900020073797a32000000000800410073697700140033006c6f000000000000000000000000000039d1c723"], 0x38}, 0x1, 0x0, 0x0, 0x44}, 0x810) sendmsg$RDMA_NLDEV_CMD_SET(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000003c0)=ANY=[@ANYBLOB="480000000214010028bd7000fddbdf250900020073797a3100000000080001000000000008004400", @ANYRES32, @ANYBLOB="050054000100b2ac08000100000000000900020073"], 0x48}, 0x1, 0x0, 0x0, 0x4000801}, 0x0) syz_emit_ethernet(0x3e2, &(0x7f0000000400)={@local, @local, @void, {@ipv6={0x86dd, @gre_packet={0x0, 0x6, "717faf", 0x3ac, 0x2f, 0x0, @local, @empty, {[@dstopts={0x62}, @dstopts={0x84, 0x19, '\x00', [@jumbo={0xc2, 0x4, 0x7fffffff}, @generic={0x3, 0xb5, "d80d12c8720441905e8a3872838bff2017e2f7477e0f35539f7ff33f60271e5be4d6a3e20162906e48a6520d57b3382f4abf88a141b08cc157b7520477ddcc01696221b20dcbc0b593cb45eb583c785ac24ffa8b1344dfff718d182fbdb7f5e3a89c6b06725d3e5de9eaab1523155d52a28897fb7424cdd2a466832f385b20eeba571dae225bad12fb9f523518c18b94780919e8cb49538d25f71363c71155fdb67b138ca01e38b77561442d784de7b2f45f5be4d0"}, @hao={0xc9, 0x10, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}}]}, @hopopts={0x84, 0x3, '\x00', [@enc_lim={0x4, 0x1, 0x8}, @jumbo={0xc2, 0x4, 0x4}, @jumbo={0xc2, 0x4, 0x10}, @pad1, @enc_lim={0x4, 0x1, 0x9}, @pad1, @enc_lim={0x4, 0x1, 0x9}, @enc_lim={0x4, 0x1, 0xd}]}, @srh={0x0, 0x8, 0x4, 0x4, 0x2a, 0x38, 0x5, [@local, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @empty]}, @fragment={0x2c, 0x0, 0xd, 0x1, 0x0, 0x14, 0x68}, @srh={0x0, 0xc, 0x4, 0x6, 0xd6, 0x60, 0x3, [@private0={0xfc, 0x0, '\x00', 0x8}, @private0, @empty, @mcast2, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @dev={0xfe, 0x80, '\x00', 0xf}]}], {{0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x880b, 0x48, 0x3, [0xfffc], "13e0ed17d6398c2a924c2de98250af798c10790496b487ef45306fbd7354d08a168cc77b3631e011bd1135b0158db4fd45ff35abeb0b2abb24e094cf8dfd8eeb24aae40c4bbc18a4"}, {0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x800, [], "d967db9b7ec8a607d276706569da8e660a1e3ae89f508724e6d94f0f25ac89c93c6b5ffc0c8ae2ce34b0067154c1a2f28d229d2199bd186b39e6d25793f7e9768c072593642448a0d365a12790ed71bc0907af948e4d7d05c5c43cd6d526e56d9d7a6605230acf3fd9b4d7bae4"}, {0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x86dd, [], "30dc3acad7fb142563eafbe0d3081a603ecb5e9445088477944489457b7c42099bea58e5d2f1fb53d7c3753efa485b53d0c3a3ce15c2e6e6a76ec5bd9d0ea1a6618a68e895fe32d476c277d20f7f73abbf5dabd5457728e12f6cdff4afd6fdd2df22b21cdaf18e2f4e59e098ff6afa79fee5515f89f2d3a15a12b7d147db67525e9ffe4d5fa847706b154bef8046ac76ec350a53f24322658562976eeccaeb7a91605ce32e8b"}, {0x8, 0x88be, 0x0, {{0x4, 0x1, 0x68, 0x1, 0x1, 0x1, 0x1, 0x92}, 0x1, {0x2}}}, {0x8, 0x22eb, 0x2, {{0xf, 0x2, 0x3, 0x0, 0x1, 0x3, 0x1}, 0x2, {0xfffffff7, 0x6, 0x0, 0xc, 0x0, 0x0, 0x1, 0x1, 0x1}}}, {0x8, 0x6558, 0x2, "4f45ec0713f22e73a9a561168336166c64419fd7fab2f306440e000aff21343ad3db751eedd43ae129c544025481a99e08aa937ad4c7fde34d1a774e3f18ed35f03cddd979ee54ad2c937c"}}}}}}}, 0x0) 3.212506289s ago: executing program 2 (id=257): r0 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)) mknod(&(0x7f0000000040)='./file0\x00', 0x8001420, 0x0) openat2$dir(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000080)={0x0, 0x0, 0x11}, 0x18) 2.534943647s ago: executing program 1 (id=258): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) r1 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r2 = syz_usb_connect(0x0, 0x36, &(0x7f0000001180)=ANY=[@ANYBLOB="12010000226aa140070ad0001310010203010902240001000000000904000002bd22f00009050303000000000009058aff30"], 0x0) syz_usb_control_io$cdc_ecm(r2, &(0x7f00000005c0)={0x14, 0x0, &(0x7f0000000580)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0) syz_open_dev$char_usb(0xc, 0xb4, 0x0) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) close_range(r1, 0xffffffffffffffff, 0x0) r3 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b00000000000000000000000000040000000000", @ANYRES32=0x0, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="0000000000000000000400000000000000000000000000000000000039cd77090c098c927c9f39969831f69bedfdab7a4ea1f1fad94a3ccce2c4895bf08c4311030a8330499d0c66b8623e098bf4d73d7e2522e928b2a24732e78f21de12c62c1d5a450438eea86a05dbe4ab175ad9c8c5d8eda7d68e5b07243e829b597170725ee685a968f535e6aa3d6392a6b3919a191d82397aa48965840a06c600916b68d58503f930c15cdd9961df5ce6dbff6ae50d522d4ab4779c70292f41591a7441595e2207e9dcd7a7edbfdac9260e6c0d63984c4cc025bc4e8fea477c8f72a0dee5ede8ad1121f196f4dad6a0d0edbdd07bb26d9d6baeffb168cafeca5cc28ea94768a030b3e93066a4b3626da46091a70c7c7a99244532acc42b12b450f20ad247cac7c39687cbd06f6552c7bcba02f77f9ee430e19cc5f1e47f527f2080cf371d49c9782dbe79f5ee69b6772e6016d3c138c5228d094794e6d768f2883ec79120cf14d455496a10e472b37f59091e179a178e9a2595a5292689c53ff3"], 0x48) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000600)={&(0x7f0000000140)={0x5c, 0x2, 0x6, 0x101, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_BUCKETSIZE={0x5, 0x15, 0x2}]}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_TYPENAME={0x15, 0x3, 'hash:ip,port,net\x00'}]}, 0x5c}}, 0x0) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = socket$netlink(0x10, 0x3, 0x0) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f0000000200)={{0x1, 0x1, 0x18, r6, {0xee00, 0xee01}}, './file0\x00'}) stat(&(0x7f00000002c0)='./file0\x00', &(0x7f0000000340)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) getsockopt$sock_cred(r4, 0x1, 0x11, &(0x7f00000003c0)={0x0, 0x0}, &(0x7f0000000400)=0xc) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0), 0xa0009, &(0x7f0000000640)={{}, 0x2c, {'rootmode', 0x3d, 0xa000}, 0x2c, {'user_id', 0x3d, r7}, 0x2c, {'group_id', 0x3d, r8}, 0x2c, {[{@allow_other}], [{@fscontext={'fscontext', 0x3d, 'system_u'}}, {@seclabel}, {@subj_role={'subj_role', 0x3d, '^!'}}, {@defcontext={'defcontext', 0x3d, 'root'}}, {@uid_eq={'uid', 0x3d, r9}}]}}) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f00000001c0)={'bridge_slave_0\x00', 0x0}) sendmsg$nl_route(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000480)=ANY=[@ANYBLOB="240000001d00070f000200000000000007000000", @ANYRES32=r10, @ANYBLOB='\x00\x00g\x00\b\x00', @ANYRES32=r5], 0x24}}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0x1c, &(0x7f0000000d80)=@ringbuf={{0x18, 0x8}, {{0x18, 0x1, 0x1, 0x0, r3}, {}, {}, {0x85, 0x0, 0x0, 0x5}, {0x4, 0x1, 0xb, 0x9, 0xa}}, {{0x5, 0x0, 0x3}}, [@snprintf={{0x5, 0x0, 0xb, 0x9, 0x0, 0x2, 0x2}, {0x3, 0x2, 0x3, 0xa, 0x9, 0xfe00}, {0x5, 0x0, 0xb, 0x9}, {0x3, 0x0, 0x6, 0xa, 0x9, 0xfe04, 0xe1}, {0x7, 0x1, 0xb, 0x7, 0x8}, {0x7, 0x0, 0x0, 0x8}, {}, {}, {}, {0x18, 0x2, 0x2, 0x0, r0}, {}, {0x46, 0x8, 0xfff0, 0x76}}], {{0x7, 0x1, 0xb, 0x8}, {0x6, 0x0, 0x5, 0x8}, {0x85, 0x0, 0x0, 0x7}}}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_skb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) 2.533506697s ago: executing program 0 (id=266): r0 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000740), 0x2, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f00000003c0), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0xa) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)=ANY=[@ANYBLOB="4800000010000507000000000000000000000002", @ANYRES32=r2, @ANYBLOB="0000400000000002280012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000440)=ANY=[@ANYBLOB="2800000014002101000000000000000002200000", @ANYRES32=r2, @ANYBLOB="08000400ffffffff08000200e0"], 0x28}}, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) r5 = socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000440)=ANY=[@ANYBLOB="280000001400210100000000000000000200"], 0x28}}, 0x0) sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=ANY=[@ANYBLOB="2000000014002101000000000000000002000000", @ANYRES32=r6, @ANYBLOB="08000200ac"], 0x20}}, 0x0) sendmsg$nl_route(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@ipv4_deladdr={0x18, 0x15, 0x1, 0x0, 0x0, {0x2, 0x0, 0x0, 0x0, r6}}, 0x18}}, 0x0) ioctl$IOCTL_VMCI_VERSION2(r0, 0x7a7, &(0x7f0000000500)=0xb0000) ioctl$IOCTL_VMCI_INIT_CONTEXT(r0, 0x7a0, &(0x7f0000000000)={@my=0x0}) ioctl$IOCTL_VMCI_NOTIFY_RESOURCE(r0, 0x7a5, &(0x7f0000000180)={{@my=0x0}, 0x0, 0x1, 0x80000000}) ioctl$TUNSETVNETBE(0xffffffffffffffff, 0x400454de, &(0x7f0000000040)) ioctl$IOCTL_VMCI_NOTIFY_RESOURCE(r0, 0x7a5, &(0x7f00000000c0)={{@my=0x0}, 0x1}) ioctl$IOCTL_VMCI_NOTIFICATIONS_RECEIVE(r0, 0x7a6, &(0x7f0000000100)={0xffffffffffffffc0, 0xf58, 0x400000005, 0x1000, 0x4, 0x20000}) socket$alg(0x26, 0x5, 0x0) 2.438850963s ago: executing program 0 (id=259): timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) mknod(&(0x7f0000000040)='./file0\x00', 0x8001420, 0x0) openat2$dir(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000080)={0x0, 0x0, 0x11}, 0x18) syz_open_dev$sndpcmp(&(0x7f00000000c0), 0x40000000000001, 0x125200) 2.336772434s ago: executing program 2 (id=260): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000000080)={0x0}}, 0x0) sendmsg$IPSET_CMD_DESTROY(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000000c0)={0x28, 0x3, 0x6, 0x101, 0x0, 0x0, {0x0, 0x0, 0x2}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}]}, 0x28}, 0x1, 0xf0ff}, 0x0) 2.336431464s ago: executing program 3 (id=261): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r1 = dup(r0) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_TIMEOUT_NEW(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000200)=ANY=[@ANYBLOB], 0xe8}, 0x1, 0x0, 0x0, 0x4000}, 0x40008d8) write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c) r3 = syz_io_uring_setup(0x239, &(0x7f0000000380)={0x0, 0x1ffffe, 0x10100}, &(0x7f0000000180)=0x0, &(0x7f00000001c0)=0x0) ioctl$EXT4_IOC_SWAP_BOOT(r1, 0x6611) syz_io_uring_submit(r4, r5, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd_index=0x4, 0x0, 0x0, 0x0, {}, 0x1}) io_uring_enter(r3, 0x2ded, 0x4008, 0x0, 0x0, 0x22) msgget$private(0x0, 0x0) r6 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]}) openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0) r7 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) syz_usb_connect(0x0, 0x24, &(0x7f0000000f40)=ANY=[@ANYBLOB="12010000dc3f6e4013080100083a000000010902"], 0x0) r8 = gettid() timer_create(0x2, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r8}, &(0x7f0000bbdffc)) r9 = syz_open_dev$cec(&(0x7f0000000d00), 0x0, 0xc2b02) ppoll(&(0x7f0000000280)=[{0xffffffffffffffff, 0x4022}, {r9, 0x20}, {0xffffffffffffffff, 0x10}], 0x3, &(0x7f0000000300)={0x0, 0x3938700}, &(0x7f00000003c0)={[0x0, 0x9]}, 0x8) (fail_nth: 25) r10 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) migrate_pages(r10, 0x7, &(0x7f0000000000)=0x6, &(0x7f0000000040)=0x100000001) clock_nanosleep(0x2, 0x0, &(0x7f0000000040)={0x0, 0x989680}, 0x0) syz_usb_connect_ath9k(0x3, 0x0, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={0x0, r7}, 0x18) r11 = timerfd_create(0x9, 0x80800) timerfd_gettime(r11, 0x0) ioctl$USBDEVFS_FREE_STREAMS(0xffffffffffffffff, 0x8008551d, &(0x7f0000000080)=ANY=[@ANYBLOB="54c3000001000000563d7ae4da256f0a724b49f1df8a0092d9a51e2c70597c249c06c210ff09794515fd618847e5cd3c97224b692e87e3c1b4225372fd70b6ab578b0bcc91c9857bf6830c3e23bf5f41aa1bd79861afe6de4799887ff74831cf2eda17e321e5c5b29e6adcc61ec341e536364cc6e9f714d1425cc6608ae587bb747c0a134d6605714f92f82bf968"]) close_range(r6, 0xffffffffffffffff, 0x0) sendmsg$key(0xffffffffffffffff, 0x0, 0x0) 2.336292923s ago: executing program 2 (id=262): r0 = socket$inet_sctp(0x2, 0x5, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000001a40), 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x10, &(0x7f0000000480)=ANY=[@ANYRESDEC], &(0x7f0000000000)='GPL\x00', 0x8, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0xb, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000016c0), 0x0, 0x10, 0x1, @void, @value}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$FUSE(0xffffffffffffffff, 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) sendmsg$IPVS_CMD_GET_INFO(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000c80)=ANY=[@ANYRES16=0x0, @ANYBLOB], 0x14}, 0x1, 0x0, 0x0, 0x810}, 0x0) ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) r2 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) syz_emit_vhci(&(0x7f0000000040)=@HCI_ACLDATA_PKT={0x2, {0xc8, 0x0, 0x2, 0xc}, @l2cap_cid_signaling={{0x8}, [@l2cap_move_chan_cfm={{0x10, 0x6d, 0x4}, {0xf1de, 0x2}}]}}, 0x11) socket$tipc(0x1e, 0x4, 0x0) r3 = socket(0x10, 0x3, 0x0) write(r3, &(0x7f0000000300)="1c0000001a005f0214f9f4070d0903001f000000fe05000000020000", 0x1c) bind$packet(0xffffffffffffffff, 0x0, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) write$tun(0xffffffffffffffff, 0x0, 0xfdef) 1.578300383s ago: executing program 0 (id=263): keyctl$instantiate(0xc, 0x0, 0x0, 0x2a, 0xfffffffffffffffc) r0 = add_key(0x0, &(0x7f0000000180), &(0x7f0000000100), 0x0, 0xfffffffffffffffe) keyctl$read(0xb, r0, 0x0, 0x0) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x20040, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x800, 0x70bd2c, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc, 0x7, {0x1}}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socket$xdp(0x2c, 0x3, 0x0) syz_io_uring_setup(0x7c45, &(0x7f0000000080)={0x0, 0x20, 0x13100, 0x0, 0xfffffffc}, 0x0, 0x0) r4 = socket$vsock_stream(0x28, 0x1, 0x0) setsockopt$SO_VM_SOCKETS_BUFFER_SIZE(r4, 0x28, 0x0, &(0x7f00000000c0), 0x8) socket$inet6_sctp(0xa, 0x5, 0x84) r5 = syz_io_uring_setup(0x117, &(0x7f0000000100), &(0x7f0000000280)=0x0, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r6, 0x4, &(0x7f0000000080)=0xfffffc00, 0x0, 0x4) syz_io_uring_submit(r6, 0x0, &(0x7f00000000c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x7, 0x0, 0x0, 0x0, 0xc}) io_uring_enter(r5, 0x47f6, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000040)='hfs\x00', 0x8200, 0x0) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f00000001c0)={'ip6tnl0\x00', &(0x7f0000000000)={'syztnl0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, @private0={0xfc, 0x0, '\x00', 0x1}, @mcast2={0xff, 0x3}, 0x0, 0x0, 0xfffffffe, 0xffffffff}}) 1.134662068s ago: executing program 2 (id=264): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa0, 0x30, 0x1, 0x0, 0x0, {}, [{0x8c, 0x1, [@m_ct={0x40, 0x2, 0x0, 0x0, {{0x7}, {0x18, 0x2, 0x0, 0x1, [@TCA_CT_LABELS_MASK={0x14, 0x8, "bed1342bcaf6fa043a500e0a4bafbbd1"}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa0}}, 0x40005) syz_genetlink_get_family_id$nfc(0x0, 0xffffffffffffffff) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) syz_emit_ethernet(0x7f, &(0x7f0000000180)=ANY=[@ANYRESOCT=r0], 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) times(&(0x7f00000001c0)) r4 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$netlink(r4, 0x0, 0x0) syz_open_dev$sg(0x0, 0x0, 0x8002) mknod$loop(&(0x7f0000000000)='./file0\x00', 0x8, 0x1) r5 = socket$kcm(0x2, 0x200000000000001, 0x106) sendmsg$inet(r5, &(0x7f0000000240)={&(0x7f0000000140)={0x2, 0x4001, @local}, 0x10, 0x0}, 0x30004001) close(r5) r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) r8 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x0, 0x100004, 0xffff, 0x800, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x2, 0x0, 0x0, @void, @value, @void, @value}, 0x50) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000012c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000001280)=[r8, r8], 0x0, 0x10, 0x0, @void, @value}, 0x90) r9 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0xe, 0x5a8b, 0x4, 0x3, 0x4001, r8, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000024c0), &(0x7f0000001280), 0x2, r9, 0x0, 0x8000000}, 0x27) ioctl$KVM_CREATE_IRQCHIP(r7, 0xae60) 1.133325972s ago: executing program 3 (id=265): socket$packet(0x11, 0x2, 0x300) socket$inet_smc(0x2b, 0x1, 0x0) r0 = getpid() syz_pidfd_open(r0, 0x0) syz_open_dev$sndmidi(0x0, 0x2, 0x141101) write$6lowpan_enable(0xffffffffffffffff, &(0x7f0000000000)='0', 0xfffffd2c) socket$alg(0x26, 0x5, 0x0) syz_open_dev$tty1(0xc, 0x4, 0x1) pselect6(0x40, &(0x7f0000000600), 0x0, &(0x7f00000002c0)={0x7ff}, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket$nl_xfrm(0x10, 0x3, 0x6) r1 = socket(0x80000000000000a, 0x2, 0x0) setsockopt$inet6_group_source_req(r1, 0x29, 0x2e, &(0x7f0000000080)={0x0, {{0xa, 0x4e24, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x3, 0x6, @mcast2}}}, 0x108) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000180)={'syz_tun\x00', 0x0}) sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000380)={&(0x7f00000001c0)=ANY=[@ANYBLOB="200000001100010125bd70000000000003000000", @ANYRES32=r4], 0x20}}, 0x0) 988.806773ms ago: executing program 1 (id=267): fsopen(&(0x7f0000000140)='vfat\x00', 0x0) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0x44, 0x30, 0x1, 0x0, 0xfffffffe, {}, [{0x30, 0x1, [@m_ife={0x2c, 0x1, 0x0, 0x0, {{0x8}, {0x4}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x1}}}}]}]}, 0x44}, 0x1, 0x0, 0x0, 0x800}, 0x4000810) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, 0x0, 0x0) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socket$inet6(0xa, 0x3, 0x100) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000180)={'syzkaller0\x00', 0x7101}) syz_io_uring_setup(0xd2, &(0x7f0000000480)={0x0, 0x3}, &(0x7f0000000040), &(0x7f0000000080)) socket$alg(0x26, 0x5, 0x0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$IPT_SO_SET_REPLACE(r3, 0x0, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x8, 0x3, 0x51c, 0x340, 0x25, 0x8f, 0x0, 0x60, 0x488, 0x2a8, 0x2a8, 0x488, 0x2a8, 0x3, 0x0, {[{{@uncond, 0x0, 0x2f8, 0x340, 0x0, {0x200003ae, 0x7f00}, [@common=@inet=@hashlimit1={{0x58}, {'geneve0\x00', {0x0, 0x0, 0x9, 0x0, 0x0, 0xffffffff, 0x7}}}, @common=@unspec=@bpf1={{0x230, 'bpf\x00', 0x0}, @pinned={0x1, 0x0, 0x6, './file0\x00'}}]}, @common=@unspec=@IDLETIMER={0x48, 'IDLETIMER\x00', 0x0, {0x6, 'syz0\x00'}}}, {{@ip={@empty, @empty, 0x0, 0x0, 'syzkaller0\x00', 'veth0_to_team\x00'}, 0x0, 0xe8, 0x148, 0x0, {}, [@common=@set={{0x40}}, @common=@unspec=@statistic={{0x38}}]}, @common=@SET={0x60}}], {{'\x00', 0xc8, 0x70, 0x94}, {0x24}}}}, 0x578) 898.126058ms ago: executing program 3 (id=268): eventfd(0x6) r0 = socket$inet6(0xa, 0x80002, 0x0) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2, 0x5}, 0x1c) sendto$inet6(r0, 0x0, 0x0, 0x20088004, &(0x7f0000000280)={0xa, 0x4e20, 0x0, @remote, 0x7}, 0x1c) sendto$inet6(r0, &(0x7f00000009c0)="c7cfcaaa22e10542fca5c01953", 0xd, 0xc001, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) syz_genetlink_get_family_id$smc(&(0x7f0000000000), 0xffffffffffffffff) memfd_create(0x0, 0x7) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002300)={0x11, 0x10, &(0x7f00000022c0)=ANY=[@ANYRES8], &(0x7f0000000000)='GPL\x00', 0x8, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x3, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37, @void, @value}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8f}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) connect$unix(r2, &(0x7f00000002c0)=@abs={0x0, 0x0, 0x4e24}, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) r4 = socket$vsock_stream(0x28, 0x1, 0x0) ioctl$int_in(r4, 0x5421, &(0x7f0000000240)=0x2) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setaffinity(0x0, 0xfffffffffffffc33, &(0x7f0000000280)=0x2) bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f0000001880)=ANY=[@ANYBLOB="b70000008113b0ffbfa30000000010000703000000feffff720af0fff8ffffff71a4f0ff0000000071103600000000001d300500000000004704000001ed00000f030000000000001d44020000000000620a00fe040400007203000000000000e500f7ff000000009500000000000000023bc065b58111c6dfa041b63af4a3912435f1a8641aa05a1336b3b4c4becea710aad58db6a693002e7f3be361917adef6ee1c8a2a4f8ef1e50becb19bc461e91a7168c50000000190f32050e436fe275daf51efd601b6bf01c8e8b1b526375ec4dd6fcd82e4fe51bef7af9aa0d7d600c095199fe3380d28e599b0eaebbdbd732c9cc00eec363e4a8f6456e2cc21557c0afc646cb7798b3e6440c2fbdb00a3e35208b0bb0d2cd829e654400e2438ec649dc74a28610643a98d9ec21ead2ed51bf900000000000000d8a7925c3109b151b8b9f75dd08d123deda88c658d42ecbf28bf7076c15b463bebc72f526d8e8afcb913466aaa7f6df70252e79166d858fcd0e06dd31af9612f2460d0b11008e59a5923906f88b53987ad1714e72ba7a54f0c33d39000d06a59ff616236fd9aa58f2477184b6a89adaf17b0a6041bdef728d236619074d6ebdfd1f5089048ddff6da40f9411fe722631cb467600ade70063e5291569b33d21dae356e1c51f03a801be8189679a16da18ec0ae564162a27afea62d84f3a10746443d6438e959532e0617d419c6bc6ea9f2bca4464f56e24e6d2105bd901204a1deeed4155617572652d950ad31928b0b0c3dc2869f478341d02d0f5ad94b081fcd507acb4b9c65fee9d5a17f48a7382f13d000000225d85ae49cee383dc5049076b989b40000000000000da60d2ae20cfb91d6a49964757cdf538f9ce2bdb1ab062cd54e67011d355d84ce97bb0c6b4a595e487efbb2d71cde2c140952f9a0f0bc6980fe78683ac5c0c31032599ddd71063be9261b2e1aab1675b34a22048ef8c126aeef5f510a8f1aded94a129e4aec6f8d9ab06faffc3a15d96c2ea3e2e04cfe031b2875353193f82ade69d0540059fe6c7fe7cd8697502c7596566d674e425da5e87e59602a9f6590521d31d3804b3e0a1053abdc31282dfb15eb6841bb64a1b304502dda787343cccc953992e4a982f3c48153baae244e7bf37548c7f1a4cad2422ee965a38f7defbd2160242b104e20dc2d9b0c35608d402ccdd9069bd50b994fda7a9de44028d6112a0c2d21b2dc98816106dec28eaeb883418f562ae00003ea96d10f172c0374d6eed826416050000000bfe9b4a9c5a90ff59d54d1f92ecc4e95dd2d18383117c039862198899b212c55318294270a1ad10c80fef7c24d47afce829ba0f85da6d888f18ea40ab959f6074ab2a40d85d15017ab513cdc6c0e57fb1c1ca571380d7b4ead35a385e0b4a26b702396df7e0c1e02b6e4114f244a9bf93020000000000000080e69db384ac7eeedcf2ba3a9508f9d6aba582a896a9f1e096df6ecea75caf822a7a63ba34015ea5aacb1188883ad2a3b1832371fe5bc621426d1ed0a4a99702cc1b6912a1e717d29135753208165b9cdbae2ed9dc7358f0ebadde0b727f27feeb744ddcc536cbae315c7d1fe1399562ba6824840bd2951680f6f2f9a6a8346962a350845ffa0d829e4f79adc287906943408e6df3c391e97ba48db0a5adbfd03aac93df8866fb010aec0e92bed1fe39af169d2a466f0db6f3d9436a7d55fc30511d00e10000c95265b2bd83d64a532869d701723fedcbada1ee7baa5b6a686b50f0937f778af083e055f6138a757ebd0ed91124a6b244f9acf41ac5d73a008364e0606a594817031fc2f52c8785fe0721719b3d654026c6ea08b83b123145ab5703dad844ceb201ddeb6dc5f6a903792283c42efc54fa84323afc4c10eff462c8843187f1dd48ef3fa293774d582956ff0f40b10ca94f6feeb2893c17888e1cdba94a6ea80c33ead5722c3293a493f1479531dd88261458f40d31fe8df15efaaeea831555877f9538d6ee6ba65893ff1f908ba7554ba583fef3ec7932f5954f31a878e2fae6691d1aee1da02ba516467df3e7d1daac43738012e4fee18a22da19fcdb4c2890cda1f96b952511e3a69d694d625e0b2f808890205f3a6da2819d2f9e77c7c64affa54fec0136cbafa5f6f096753b639a924599c1f69219927ea5301fff0a6063d427f0688430754c02180d61542c2571f983e9673560000000000000000005a7b57f03ca91a01ba2e30ca99e8ebc15ecb4d91675767999d146aef7799738b292fd640dfef6b04d086f737a159d7e0c6e4d81ad64a8bbca48568325b2969e2b15f36b788bce5ccdbaf75c94cb93499f6947a967a7bce14c6de4e7c0660d80010f5c653d22d490cba8c2a4ab595bf4238f18ca428dafc7ac96d404607a0000000051a2104f22e6db5a62b5089c1b45282d38864daa3ae81d6b0968d1d2867b91b7d120617d12d91db2633d6864da40b54783a17aaeb6737c323f9f98e354cc98dcfe23ad01bd1c61563e69ffe1c2c73e16e1461173f359e93d2c5e424c17998809ec8f0232b3955e052a4cecd89008f70314a0bdd491ec86a4555d89fe0120f64c62e8e3ed8bcb45202c3d4bbec8d722824c0ebca8db1ea4a003d2fbdc1f9be78537756ab5bbe4fe9af5d785d0128171c90d9900ce2532b0f9d01c4b45294fbba468df3e1b583cb4e62e754598e47df6bd06431c94bc5d047899fd219f448bf9189c65c9d91eda6b52a373803a9efe44f86909bc90addb7b9aee813df534aac4b3093c91b8068cd84990453f006694d461b76a58d88cf0f520310a1e80dc18cde98d662eee077515d0a8811922929e085392ab3d1311b8243266d87047f601fa88a0da36b9f302e8262395174328f2482d14008de83070744f143fdec90ba5a82668d5fac114c13955ad6dca5db2231d8ba14c54c47ed04a4b4ace17e357e1d6032399f87a7a14245bbd796a09313b247b95d37ff40a404bdad74bd20000000000000000000099fef7cd7af3ce64a92f95d89d125b1e641240d7e5e27a3d1f7684448c3e3822d617e205061298b939a191be4b48e169bde2cae3accc5bd40a2968b59c93d35f8e42366fdef9a2abae1cf01ce68abff28861aac8302d268569dd42e194e330c7aaa54ebbcefd23f21ce8153b9926e12e925cb56119df72c7533a48d028ad0c74e2a9478fa3be18a1a2b65079cc1c00000000000000f59dd19e8d525206c0a728cfd42193abe8130bc01a2d69841f3d7799ac04bdc590bb1c89b9c695f163e57343c9bfb59909433c9001c5f8b23e38534a538fc933cac6c2a92d038df638a0f226df9fb857bd414c2cd69985e8053e3dfa41614d7c74d04d8c2471041d17c730fad28395f8d4688898cd58b9d600c851626529bb58aa364b55e73f053450665e7b94ed1012fd7a8139166fd5e59c84f4ab279b1b99c028db4cb9680c8035f967db18de738844da7e260a830c1ffa49f5af3c15423a0e315acb82a3e89218cb314e68fda4d94aa1d815babc13b9fd336d205c5913ef67cf0216e2d81e6127bd9d7fab28800eaab2355992f8ce4cd38add4b272c0bee4076ca4847ffa691cf78fb7ec212bad3bef29f577ea7159b7f3025b3d977ff7c9102"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0xfffffffffffffd00, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48) 398.844458ms ago: executing program 0 (id=269): r0 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)) mknod(&(0x7f0000000040)='./file0\x00', 0x8001420, 0x0) openat2$dir(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000080)={0x0, 0x0, 0x11}, 0x18) 279.080988ms ago: executing program 1 (id=270): r0 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f0000000100)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x2a}}, 0x10) setsockopt$sock_int(r0, 0x1, 0x6, &(0x7f0000000140)=0x32, 0x4) sendmmsg$inet(r0, &(0x7f0000000500)=[{{&(0x7f0000000080)={0x2, 0x4e21, @broadcast}, 0x10, 0x0}, 0x300}], 0x1, 0x0) 278.832875ms ago: executing program 1 (id=271): r0 = socket$inet_udp(0x2, 0x2, 0x0) (async) getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x1a, &(0x7f00000000c0)={@private2, 0x0}, &(0x7f0000000180)=0x14) ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r0, 0x89f1, &(0x7f00000002c0)={'gre0\x00', &(0x7f00000001c0)={'syztnl0\x00', r1, 0x80, 0x20, 0x7, 0x5, {{0x2d, 0x4, 0x1, 0x5, 0xb4, 0x64, 0x0, 0x1, 0x29, 0x0, @multicast1, @loopback, {[@ssrr={0x89, 0x1b, 0x78, [@multicast2, @loopback, @initdev={0xac, 0x1e, 0x1, 0x0}, @initdev={0xac, 0x1e, 0x0, 0x0}, @private=0xa010102, @multicast1]}, @timestamp_addr={0x44, 0x14, 0x85, 0x1, 0x3, [{@private=0xa010101, 0x1000}, {@dev={0xac, 0x14, 0x14, 0x17}, 0x1e7}]}, @generic={0x7, 0xb, "04f71a2de6b5f92e75"}, @timestamp={0x44, 0x2c, 0x17, 0x0, 0x9, [0x10, 0x2, 0x5, 0x4, 0x10000, 0x0, 0xff, 0x6, 0x400, 0x20000]}, @generic={0x44, 0xa, "9a20f307fea3fbad"}, @timestamp={0x44, 0xc, 0x56, 0x0, 0x7, [0x80, 0x9]}, @ssrr={0x89, 0xf, 0x65, [@remote, @remote, @private=0xa010101]}, @lsrr={0x83, 0x13, 0xb5, [@multicast2, @empty, @dev={0xac, 0x14, 0x14, 0x29}, @dev={0xac, 0x14, 0x14, 0xf}]}]}}}}}) r2 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x28241, 0x0) write$dsp(r2, &(0x7f0000000040)="58086a382d2a5f2002cad421d1f9f54ac2fff5fc7516cc26d28d57b4b9aa410a33cc31a6b5209dfd5930bd", 0x2b) (async) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='cpuacct.usage_user\x00', 0x0, 0x0) (async) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r3, &(0x7f0000000040)={0xa, 0x4e22}, 0x1c) (async) setsockopt$inet6_IPV6_XFRM_POLICY(r3, 0x29, 0x23, &(0x7f00000002c0)={{{@in=@initdev={0xac, 0x1e, 0x1, 0x0}, @in=@empty, 0x0, 0x0, 0x4e22, 0x0, 0x2}, {0x2000, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x80000000000, 0x0, 0xfffffffffffffffd}, {0xd, 0x0, 0x0, 0x2}, 0x0, 0x80000000, 0x0, 0x0, 0x1}, {{@in=@remote, 0x0, 0x32}, 0x0, @in=@multicast1, 0x0, 0x0, 0x2, 0x3}}, 0xe8) (async) listen(r3, 0x0) (async) syz_emit_ethernet(0x36, &(0x7f0000000080)={@local, @broadcast, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x6, 0x0, @empty, @empty}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x10}}}}}}, 0x0) ioctl$SNDCTL_DSP_SYNC(r2, 0x5001, 0x0) (async) r4 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$TIOCPKT(r4, 0x5420, &(0x7f0000000100)=0xcf5) (async) r5 = syz_open_dev$ptys(0xc, 0x3, 0x1) ioctl$TCSETS(r5, 0x40045431, &(0x7f0000000dc0)={0x0, 0x0, 0x7, 0x0, 0x0, "0062ba7d82000000000000000000f7ffffff00"}) ppoll(&(0x7f0000000140)=[{r4}], 0x1, 0x0, 0x0, 0x0) r6 = syz_open_pts(r4, 0x0) r7 = dup3(r6, r4, 0x0) ioctl$TCSETSW2(r7, 0x5437, 0x0) ioctl$SNDCTL_DSP_SETTRIGGER(r7, 0x40045010, &(0x7f0000000080)=0xffffffff) (async) ioctl$SNDCTL_DSP_RESET(r2, 0x5000, 0x0) 168.486772ms ago: executing program 2 (id=272): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f00000003c0)=@filter={'filter\x00', 0x2, 0x4, 0x3ac, 0xffffffff, 0x0, 0x1f8, 0x0, 0xfeffffff, 0xffffffff, 0x2e4, 0x2e4, 0x2e4, 0xffffffff, 0x4, 0x0, {[{{@uncond, 0x2f2, 0x10c, 0x130, 0x0, {}, [@common=@unspec=@connlimit={{0x41}}, @common=@inet=@length={{0x28}}]}, @common=@unspec=@STANDARD={0x24, '\x00', 0x0, 0x1f8}}, {{@ipv6={@empty, @ipv4={'\x00', '\xff\xff', @multicast1}, [], [], 'netpci0\x00', 'hsr0\x00'}, 0x0, 0xa4, 0xc8}, @REJECT={0x24}}, {{@ipv6={@ipv4={'\x00', '\xff\xff', @local}, @mcast1, [], [], 'veth0_virt_wifi\x00', 'syzkaller1\x00'}, 0x0, 0xc8, 0xec, 0x0, {}, [@common=@ipv6header={{0x24}}]}, @common=@inet=@SYNPROXY={0x24}}], {{'\x00', 0x0, 0xa4, 0xc8}, {0x24}}}}, 0x408) 1.618677ms ago: executing program 2 (id=273): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0x60, 0x30, 0x1, 0x0, 0x0, {}, [{0x4c, 0x1, [@m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x60}, 0x1, 0x0, 0x0, 0x800}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8e}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x48) r3 = bpf$TOKEN_CREATE(0x24, &(0x7f0000000180)={0x0, r1}, 0x8) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000001c0)={0x0, 0x0, 0x4a, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x28) r4 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r5 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r5, 0x10f, 0x87, &(0x7f0000000040)=@req={0x3fc, 0x0, 0x0, 0x5}, 0x10) r6 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r6, 0x10f, 0x87, &(0x7f0000000440)=@req={0x3fc}, 0x10) sendmmsg(r6, &(0x7f00000030c0)=[{{0x0, 0xa9cc7003, &(0x7f0000000400)=[{&(0x7f00000000c0)="ee", 0x101d0}], 0x1}}], 0x400000000000181, 0x9200000000000000) ioctl$BTRFS_IOC_SET_RECEIVED_SUBVOL(0xffffffffffffffff, 0xc0c89425, &(0x7f00000000c0)={"6957400000eaffff0800", 0x0, 0x0, {0x4, 0x2}, {0x7, 0xc00000}, 0x5, [0x3, 0x9, 0x7ff, 0x6, 0x0, 0x10000400, 0x9, 0x2, 0x8, 0x6, 0x6, 0x8000082, 0x10, 0xbd, 0x7, 0x80008006]}) poll(&(0x7f0000000000), 0x20000000000000b5, 0x9) ioctl$TIOCSETD(r4, 0x5423, &(0x7f0000000100)=0x2) r7 = socket$nl_generic(0x10, 0x3, 0x10) r8 = socket$l2tp(0x2, 0x2, 0x73) mbind(&(0x7f0000474000/0x2000)=nil, 0x2000, 0x3, &(0x7f0000000280)=0xffffffffffffff8b, 0x9, 0x6) bind$l2tp(r8, &(0x7f00000000c0), 0x10) r9 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000440), 0xffffffffffffffff) sendmsg$L2TP_CMD_TUNNEL_CREATE(r7, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r9, @ANYBLOB="2309fefffffffcffffff0100000005000700000000000800090000000000060002000100000008000a000400010008001700", @ANYRES32=r3], 0x3c}, 0x1, 0x0, 0x3f00}, 0x0) 144.453µs ago: executing program 3 (id=274): r0 = socket$kcm(0x10, 0x2, 0x4) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000280)="89000000120081ae08061cdc030ec080000000000000000000e2ffca1b1f0000000004c00e72f750375ed08a56331dbf9ed7815e381ad6e747033a0093b837dc6cc01e32efaec8c7a6ec081208000300060107ffbdad446b9bbc7a46e3988285dcdf12f2130809d78f0a947ee2b49e33538afa8af92347514f0b56a20ff27fff000000000000000000", 0x89}], 0x1}, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$tipc(0x1e, 0x5, 0x0) r1 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc)) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1f0000064e000000000000000000001000800000", @ANYRES32=0x1, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="000000000400"/28], 0x50) ioctl$DRM_IOCTL_MODE_GETRESOURCES(0xffffffffffffffff, 0xc04064a0, &(0x7f00000003c0)={0x0, &(0x7f0000000300)=[0x0], &(0x7f0000000340)=[0x0], 0x0, 0x0, 0x1, 0x1}) 0s ago: executing program 3 (id=275): r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="3f01000021000000000000003b810000850000006d000000070000000000000095"], &(0x7f0000000040)='GPL\x00', 0x6, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000880)={&(0x7f00000000c0)='rpc_request\x00', r1, 0x0, 0x5}, 0x18) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) recvfrom$inet_nvme(0xffffffffffffffff, &(0x7f0000000640)=""/4096, 0x1000, 0x2000, &(0x7f0000000380)=@generic={0x11, "d71d9c1bf36be386b8195be2f96732daece168ab8c4756fcaaaaa57ab4d9fa9c5e136c872457faea878081b25c7ac9863e328325d3608f7b92b91789fb2322981d60e78ecebc51a8a848ac66a135cbf9adb555f5fff1d2552ce4b120288f1c606bebc17e3b75c547a1c41ac89d1be3f0e179d586d665ef8397dfdbdaa865"}, 0x80) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r5 = openat$vim2m(0xffffff9c, &(0x7f0000000180), 0x2, 0x0) ioctl$vim2m_VIDIOC_TRY_FMT(r5, 0xc0cc5640, &(0x7f0000000540)={0x1, @sliced={0x0, [0x12a9, 0x400, 0x200, 0x8, 0xffff, 0x3, 0x6, 0x8, 0x83, 0x1, 0xe3c7, 0x5, 0x6, 0x8, 0xc000, 0x200, 0x7, 0x9, 0x5, 0x3, 0x1ff, 0xad3f, 0x5, 0x4, 0x0, 0x7, 0x6, 0x8, 0x101, 0x515, 0x7, 0x2, 0x5, 0x9, 0x2, 0xfc00, 0x10, 0xfff, 0x9, 0x23, 0x38, 0x4, 0xfff4, 0x675, 0xa, 0x6, 0x6, 0x8], 0x3}}) sendmsg$netlink(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000002580)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="140000002500010000000000f100000006"], 0x14}], 0x1, 0x0, 0x0, 0x400048c0}, 0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '[localhost]:6300' (ED25519) to the list of known hosts. [ 41.858205][ T5928] cgroup: Unknown subsys name 'net' [ 41.983234][ T5928] cgroup: Unknown subsys name 'cpuset' [ 41.986234][ T5928] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 42.793216][ T5928] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 44.792091][ T5946] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 44.794746][ T5946] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 44.797884][ T5946] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 44.800399][ T5946] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 44.803183][ T5946] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 44.805373][ T5946] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 44.807561][ T5946] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 44.807559][ T5947] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 44.812843][ T5948] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 44.814719][ T5946] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 44.815595][ T5948] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 44.817832][ T5946] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 44.818054][ T5947] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 44.818414][ T5947] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 44.820158][ T5948] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 44.822194][ T5949] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 44.823360][ T5948] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 44.825232][ T5946] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 44.825614][ T5949] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 44.826755][ T5946] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 44.826874][ T5946] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 44.830708][ T65] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 44.841699][ T65] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 44.843823][ T65] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 44.997989][ T5944] chnl_net:caif_netlink_parms(): no params data found [ 45.009063][ T5939] chnl_net:caif_netlink_parms(): no params data found [ 45.047258][ T5940] chnl_net:caif_netlink_parms(): no params data found [ 45.059837][ T5950] chnl_net:caif_netlink_parms(): no params data found [ 45.102514][ T5944] bridge0: port 1(bridge_slave_0) entered blocking state [ 45.105222][ T5944] bridge0: port 1(bridge_slave_0) entered disabled state [ 45.107403][ T5944] bridge_slave_0: entered allmulticast mode [ 45.109684][ T5944] bridge_slave_0: entered promiscuous mode [ 45.166307][ T5944] bridge0: port 2(bridge_slave_1) entered blocking state [ 45.168378][ T5944] bridge0: port 2(bridge_slave_1) entered disabled state [ 45.170406][ T5944] bridge_slave_1: entered allmulticast mode [ 45.174121][ T5944] bridge_slave_1: entered promiscuous mode [ 45.236521][ T5939] bridge0: port 1(bridge_slave_0) entered blocking state [ 45.239468][ T5939] bridge0: port 1(bridge_slave_0) entered disabled state [ 45.242627][ T5939] bridge_slave_0: entered allmulticast mode [ 45.244760][ T5939] bridge_slave_0: entered promiscuous mode [ 45.252087][ T5940] bridge0: port 1(bridge_slave_0) entered blocking state [ 45.255023][ T5940] bridge0: port 1(bridge_slave_0) entered disabled state [ 45.257616][ T5940] bridge_slave_0: entered allmulticast mode [ 45.260172][ T5940] bridge_slave_0: entered promiscuous mode [ 45.270789][ T5939] bridge0: port 2(bridge_slave_1) entered blocking state [ 45.272917][ T5939] bridge0: port 2(bridge_slave_1) entered disabled state [ 45.274974][ T5939] bridge_slave_1: entered allmulticast mode [ 45.277196][ T5939] bridge_slave_1: entered promiscuous mode [ 45.300141][ T5940] bridge0: port 2(bridge_slave_1) entered blocking state [ 45.302572][ T5940] bridge0: port 2(bridge_slave_1) entered disabled state [ 45.305406][ T5940] bridge_slave_1: entered allmulticast mode [ 45.308461][ T5940] bridge_slave_1: entered promiscuous mode [ 45.313360][ T5944] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 45.324989][ T5939] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 45.348395][ T5944] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 45.362653][ T5939] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 45.365398][ T5950] bridge0: port 1(bridge_slave_0) entered blocking state [ 45.367543][ T5950] bridge0: port 1(bridge_slave_0) entered disabled state [ 45.369639][ T5950] bridge_slave_0: entered allmulticast mode [ 45.372407][ T5950] bridge_slave_0: entered promiscuous mode [ 45.376411][ T5950] bridge0: port 2(bridge_slave_1) entered blocking state [ 45.378506][ T5950] bridge0: port 2(bridge_slave_1) entered disabled state [ 45.380604][ T5950] bridge_slave_1: entered allmulticast mode [ 45.383407][ T5950] bridge_slave_1: entered promiscuous mode [ 45.403659][ T5940] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 45.434217][ T5944] team0: Port device team_slave_0 added [ 45.436909][ T5940] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 45.440930][ T5939] team0: Port device team_slave_0 added [ 45.457215][ T5944] team0: Port device team_slave_1 added [ 45.467178][ T5939] team0: Port device team_slave_1 added [ 45.470739][ T5950] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 45.516953][ T5950] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 45.520957][ T5944] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 45.523062][ T5944] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 45.530061][ T5944] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 45.537181][ T5940] team0: Port device team_slave_0 added [ 45.563051][ T5944] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 45.564923][ T5944] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 45.572371][ T5944] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 45.577141][ T5940] team0: Port device team_slave_1 added [ 45.591370][ T5939] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 45.593441][ T5939] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 45.600909][ T5939] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 45.621500][ T5950] team0: Port device team_slave_0 added [ 45.638903][ T5940] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 45.641866][ T5940] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 45.651941][ T5940] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 45.656823][ T5939] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 45.658871][ T5939] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 45.666265][ T5939] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 45.674245][ T5950] team0: Port device team_slave_1 added [ 45.677037][ T5940] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 45.679704][ T5940] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 45.687630][ T5940] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 45.726699][ T5950] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 45.728730][ T5950] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 45.736097][ T5950] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 45.757028][ T5950] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 45.759068][ T5950] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 45.766999][ T5950] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 45.774244][ T5944] hsr_slave_0: entered promiscuous mode [ 45.776460][ T5944] hsr_slave_1: entered promiscuous mode [ 45.780446][ T5939] hsr_slave_0: entered promiscuous mode [ 45.782686][ T5939] hsr_slave_1: entered promiscuous mode [ 45.784611][ T5939] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 45.786896][ T5939] Cannot create hsr debugfs directory [ 45.807171][ T5940] hsr_slave_0: entered promiscuous mode [ 45.809228][ T5940] hsr_slave_1: entered promiscuous mode [ 45.811186][ T5940] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 45.813422][ T5940] Cannot create hsr debugfs directory [ 45.901723][ T5950] hsr_slave_0: entered promiscuous mode [ 45.903871][ T5950] hsr_slave_1: entered promiscuous mode [ 45.905839][ T5950] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 45.908039][ T5950] Cannot create hsr debugfs directory [ 46.083829][ T5940] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 46.089343][ T5940] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 46.093488][ T5940] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 46.099144][ T5940] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 46.116567][ T5950] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 46.120142][ T5950] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 46.125490][ T5950] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 46.128988][ T5950] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 46.150864][ T5939] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 46.154601][ T5939] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 46.159573][ T5939] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 46.162978][ T5939] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 46.196023][ T5944] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 46.199862][ T5944] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 46.204264][ T5944] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 46.207294][ T5944] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 46.234771][ T5940] 8021q: adding VLAN 0 to HW filter on device bond0 [ 46.246874][ T5940] 8021q: adding VLAN 0 to HW filter on device team0 [ 46.257732][ T45] bridge0: port 1(bridge_slave_0) entered blocking state [ 46.259802][ T45] bridge0: port 1(bridge_slave_0) entered forwarding state [ 46.263169][ T45] bridge0: port 2(bridge_slave_1) entered blocking state [ 46.265210][ T45] bridge0: port 2(bridge_slave_1) entered forwarding state [ 46.281926][ T5950] 8021q: adding VLAN 0 to HW filter on device bond0 [ 46.300544][ T5940] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 46.312980][ T5950] 8021q: adding VLAN 0 to HW filter on device team0 [ 46.317420][ T76] bridge0: port 1(bridge_slave_0) entered blocking state [ 46.319609][ T76] bridge0: port 1(bridge_slave_0) entered forwarding state [ 46.331964][ T76] bridge0: port 2(bridge_slave_1) entered blocking state [ 46.334262][ T76] bridge0: port 2(bridge_slave_1) entered forwarding state [ 46.344799][ T5944] 8021q: adding VLAN 0 to HW filter on device bond0 [ 46.349510][ T5939] 8021q: adding VLAN 0 to HW filter on device bond0 [ 46.357610][ T5944] 8021q: adding VLAN 0 to HW filter on device team0 [ 46.370641][ T5939] 8021q: adding VLAN 0 to HW filter on device team0 [ 46.375077][ T76] bridge0: port 1(bridge_slave_0) entered blocking state [ 46.377109][ T76] bridge0: port 1(bridge_slave_0) entered forwarding state [ 46.385176][ T104] bridge0: port 1(bridge_slave_0) entered blocking state [ 46.387151][ T104] bridge0: port 1(bridge_slave_0) entered forwarding state [ 46.396847][ T104] bridge0: port 2(bridge_slave_1) entered blocking state [ 46.398976][ T104] bridge0: port 2(bridge_slave_1) entered forwarding state [ 46.403693][ T104] bridge0: port 2(bridge_slave_1) entered blocking state [ 46.406463][ T104] bridge0: port 2(bridge_slave_1) entered forwarding state [ 46.443210][ T5940] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 46.475645][ T5940] veth0_vlan: entered promiscuous mode [ 46.479926][ T5940] veth1_vlan: entered promiscuous mode [ 46.496360][ T5940] veth0_macvtap: entered promiscuous mode [ 46.499541][ T5950] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 46.503775][ T5940] veth1_macvtap: entered promiscuous mode [ 46.511562][ T5940] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 46.516211][ T5940] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 46.519894][ T5940] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 46.523330][ T5940] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 46.525891][ T5940] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 46.528419][ T5940] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 46.551146][ T5944] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 46.562291][ T5939] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 46.575254][ T5950] veth0_vlan: entered promiscuous mode [ 46.582228][ T45] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 46.584644][ T45] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 46.593887][ T5950] veth1_vlan: entered promiscuous mode [ 46.603005][ T45] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 46.605285][ T45] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 46.615567][ T5939] veth0_vlan: entered promiscuous mode [ 46.620923][ T5944] veth0_vlan: entered promiscuous mode [ 46.627323][ T5950] veth0_macvtap: entered promiscuous mode [ 46.631282][ T5939] veth1_vlan: entered promiscuous mode [ 46.634223][ T5950] veth1_macvtap: entered promiscuous mode [ 46.640262][ T5944] veth1_vlan: entered promiscuous mode [ 46.646949][ T5940] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 46.656132][ T5950] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 46.659407][ T5950] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 46.662831][ T5950] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 46.666082][ T5944] veth0_macvtap: entered promiscuous mode [ 46.669904][ T5950] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 46.674445][ T5950] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 46.677765][ T5950] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 46.684845][ T5944] veth1_macvtap: entered promiscuous mode [ 46.689331][ T5939] veth0_macvtap: entered promiscuous mode [ 46.693250][ T5950] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 46.695903][ T5950] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 46.698739][ T5950] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 46.701674][ T5950] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 46.707636][ T5939] veth1_macvtap: entered promiscuous mode [ 46.718282][ T5939] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 46.721814][ T5939] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 46.725847][ T5939] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 46.729327][ T5939] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 46.733033][ T5939] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 46.741037][ T5939] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 46.744350][ T5939] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 46.747188][ T5939] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 46.750252][ T5939] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 46.754227][ T5939] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 46.757816][ T5944] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 46.761051][ T5944] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 46.764345][ T5944] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 46.767918][ T5944] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 46.770722][ T5944] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 46.774496][ T5944] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 46.778177][ T5944] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 46.784086][ T5939] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 46.786621][ T5939] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 46.789225][ T5939] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 46.792147][ T5939] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 46.805409][ T5944] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 46.808443][ T5944] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 46.811509][ T5944] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 46.814528][ T5944] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 46.817389][ T5944] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 46.820333][ T5944] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 46.823819][ T5944] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 46.828879][ T45] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 46.829406][ T5944] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 46.831550][ T45] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 46.834516][ T5944] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 46.838589][ T5944] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 46.841046][ T5944] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 46.852807][ T5305] Bluetooth: hci2: command tx timeout [ 46.861793][ T5305] Bluetooth: hci3: command tx timeout [ 46.861907][ T65] Bluetooth: hci0: command tx timeout [ 46.862622][ T5943] Bluetooth: hci1: command tx timeout [ 46.865837][ T45] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 46.869814][ T45] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 46.889494][ T45] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 46.893666][ T45] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 46.926368][ T76] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 46.929754][ T76] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 46.945033][ T104] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 46.947296][ T104] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 46.969698][ T39] audit: type=1800 audit(1737419838.925:2): pid=6005 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.2" name="memory.events" dev="9p" ino=40501305 res=0 errno=0 [ 46.970729][ T104] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 46.984066][ T104] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 46.986664][ T39] audit: type=1804 audit(1737419838.925:3): pid=6005 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.1.2" name="/newroot/0/file0/memory.events" dev="9p" ino=40501305 res=1 errno=0 [ 47.361702][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 47.711463][ T6016] ceph: No mds server is up or the cluster is laggy [ 47.843303][ T5997] libceph: connect (1)[c::]:6789 error -101 [ 47.846850][ T5997] libceph: mon0 (1)[c::]:6789 connect error [ 48.340486][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 48.442955][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 48.448772][ T6034] netlink: 'syz.2.8': attribute type 10 has an invalid length. [ 48.502824][ T6035] Zero length message leads to an empty skb [ 48.647769][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 48.649547][ T6034] team0: Port device netdevsim0 added [ 48.931719][ T65] Bluetooth: hci2: command tx timeout [ 48.942453][ T65] Bluetooth: hci1: command tx timeout [ 48.943979][ T5305] Bluetooth: hci3: command tx timeout [ 48.944617][ T65] Bluetooth: hci0: command tx timeout [ 48.992744][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 49.029720][ T6037] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 49.121263][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 49.252022][ T6046] netlink: 36 bytes leftover after parsing attributes in process `syz.1.12'. [ 49.556622][ T6064] lo speed is unknown, defaulting to 1000 [ 49.572724][ T6064] lo speed is unknown, defaulting to 1000 [ 49.591389][ T6064] lo speed is unknown, defaulting to 1000 [ 49.727592][ T6041] »»»»»»: renamed from lo (while UP) [ 49.919538][ T6064] infiniband sz1: set active [ 49.926557][ T6046] warning: `syz.1.12' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 49.928149][ T6064] infiniband sz1: added »»»»»» [ 49.931235][ T5307] usb 5-1: new full-speed USB device number 2 using dummy_hcd [ 49.935772][ T2293] »»»»»» speed is unknown, defaulting to 1000 [ 50.104895][ T5307] usb 5-1: too many endpoints for config 1 interface 0 altsetting 253: 68, using maximum allowed: 30 [ 50.108224][ T5307] usb 5-1: config 1 interface 0 altsetting 253 has 1 endpoint descriptor, different from the interface descriptor's value: 68 [ 50.112404][ T5307] usb 5-1: config 1 interface 0 has no altsetting 0 [ 50.115918][ T5307] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 50.118625][ T5307] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 50.120917][ T5307] usb 5-1: Product: syz [ 50.123143][ T5307] usb 5-1: Manufacturer: syz [ 50.124777][ T5307] usb 5-1: SerialNumber: syz [ 50.184128][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 50.202657][ T6064] RDS/IB: sz1: added [ 50.204733][ T6064] smc: adding ib device sz1 with port count 1 [ 50.206650][ T6064] smc: ib device sz1 port 1 has pnetid [ 50.209591][ T5997] »»»»»» speed is unknown, defaulting to 1000 [ 50.216892][ T6064] »»»»»» speed is unknown, defaulting to 1000 [ 50.331708][ T6064] »»»»»» speed is unknown, defaulting to 1000 [ 50.373295][ T6064] »»»»»» speed is unknown, defaulting to 1000 [ 50.428539][ T6064] »»»»»» speed is unknown, defaulting to 1000 [ 50.481348][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 50.484658][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 50.487124][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 50.703753][ T6099] netlink: 'syz.3.16': attribute type 9 has an invalid length. [ 50.903059][ T6100] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 50.907757][ T6100] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 51.012139][ T65] Bluetooth: hci2: command tx timeout [ 51.021480][ T5943] Bluetooth: hci1: command tx timeout [ 51.023157][ T65] Bluetooth: hci3: command tx timeout [ 51.227263][ T6103] Bluetooth: MGMT ver 1.23 [ 51.547520][ T6113] overlay: Unknown parameter 'fowner<00000000004294967295' [ 52.056183][ T6124] netlink: 40 bytes leftover after parsing attributes in process `syz.2.23'. [ 52.060739][ T6124] xt_TCPMSS: Only works on TCP SYN packets [ 52.073598][ T6124] smc: removing ib device sz1 [ 52.074539][ T6125] netlink: 'syz.3.22': attribute type 12 has an invalid length. [ 52.401235][ T25] usb 7-1: new high-speed USB device number 2 using dummy_hcd [ 52.551946][ T25] usb 7-1: too many configurations: 9, using maximum allowed: 8 [ 52.555564][ T25] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 52.558091][ T25] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 52.561279][ T25] usb 7-1: config 0 interface 0 has no altsetting 0 [ 52.563882][ T25] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 52.565715][ T6152] sg_write: data in/out 11/14 bytes for SCSI command 0x0-- guessing data in; [ 52.565715][ T6152] program syz.3.24 not setting count and/or reply_len properly [ 52.566426][ T25] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 52.566442][ T25] usb 7-1: config 0 interface 0 has no altsetting 0 [ 52.571244][ T25] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 52.579422][ T6152] netlink: 4 bytes leftover after parsing attributes in process `syz.3.24'. [ 52.579655][ T25] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 52.587667][ T25] usb 7-1: config 0 interface 0 has no altsetting 0 [ 52.601195][ T70] usb 6-1: new high-speed USB device number 2 using dummy_hcd [ 52.601583][ T25] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 52.606401][ T25] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 52.610253][ T25] usb 7-1: config 0 interface 0 has no altsetting 0 [ 52.614064][ T25] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 52.617279][ T25] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 52.620607][ T25] usb 7-1: config 0 interface 0 has no altsetting 0 [ 52.623712][ T25] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 52.626261][ T25] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 52.629322][ T25] usb 7-1: config 0 interface 0 has no altsetting 0 [ 52.632121][ T25] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 52.634996][ T25] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 52.639040][ T25] usb 7-1: config 0 interface 0 has no altsetting 0 [ 52.644252][ T25] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 52.646827][ T25] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 52.649941][ T25] usb 7-1: config 0 interface 0 has no altsetting 0 [ 52.653435][ T25] usb 7-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e [ 52.656057][ T25] usb 7-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168 [ 52.658422][ T25] usb 7-1: Product: syz [ 52.659637][ T25] usb 7-1: Manufacturer: syz [ 52.661013][ T25] usb 7-1: SerialNumber: syz [ 52.664211][ T25] usb 7-1: config 0 descriptor?? [ 52.670789][ T25] yurex 7-1:0.0: USB YUREX device now attached to Yurex #0 [ 52.698421][ T6100] Bluetooth: hci0: Opcode 0x0c03 failed: -4 [ 52.703638][ T5307] usblp 5-1:1.0: usblp1: USB Unidirectional printer dev 2 if 0 alt 253 proto 1 vid 0x0525 pid 0xA4A8 [ 52.717298][ T5307] usb 5-1: USB disconnect, device number 2 [ 52.725171][ T5307] usblp1: removed [ 52.754599][ T70] usb 6-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 52.757740][ T70] usb 6-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 52.760469][ T70] usb 6-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 52.764735][ T70] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 52.769742][ T6139] raw-gadget.3 gadget.1: fail, usb_ep_enable returned -22 [ 52.775169][ T70] usb 6-1: Quirk or no altset; falling back to MIDI 1.0 [ 52.959361][ C2] usb 7-1: yurex_control_callback - control failed: -71 [ 52.959589][ T5307] usb 7-1: USB disconnect, device number 2 [ 52.967240][ T5307] yurex 7-1:0.0: USB YUREX #0 now disconnected [ 53.040644][ T6159] FAULT_INJECTION: forcing a failure. [ 53.040644][ T6159] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 53.044991][ T6159] CPU: 3 UID: 0 PID: 6159 Comm: syz.0.27 Not tainted 6.13.0-syzkaller #0 [ 53.047415][ T6159] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 53.050492][ T6159] Call Trace: [ 53.051464][ T6159] [ 53.052326][ T6159] dump_stack_lvl+0x16c/0x1f0 [ 53.053726][ T6159] should_fail_ex+0x497/0x5b0 [ 53.055104][ T6159] _copy_from_user+0x2e/0xd0 [ 53.056425][ T6159] generic_map_update_batch+0x3ff/0x5f0 [ 53.058069][ T6159] ? __pfx_generic_map_update_batch+0x10/0x10 [ 53.059818][ T6159] ? __fget_files+0x206/0x3a0 [ 53.061197][ T6159] ? __pfx_generic_map_update_batch+0x10/0x10 [ 53.062950][ T6159] bpf_map_do_batch+0x576/0x640 [ 53.064347][ T6159] __sys_bpf+0x1c9f/0x57a0 [ 53.065611][ T6159] ? __pfx_lock_release+0x10/0x10 [ 53.067038][ T6159] ? __pfx___sys_bpf+0x10/0x10 [ 53.068427][ T6159] ? vfs_write+0x306/0x1150 [ 53.069751][ T6159] ? __mutex_unlock_slowpath+0x164/0x690 [ 53.071356][ T6159] ? fput+0x67/0x440 [ 53.072481][ T6159] ? ksys_write+0x1ba/0x250 [ 53.073826][ T6159] ? __pfx_ksys_write+0x10/0x10 [ 53.075260][ T6159] __ia32_sys_bpf+0x76/0xe0 [ 53.076585][ T6159] __do_fast_syscall_32+0x73/0x120 [ 53.078090][ T6159] do_fast_syscall_32+0x32/0x80 [ 53.079432][ T6159] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 53.081214][ T6159] RIP: 0023:0xf706e579 [ 53.082393][ T6159] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 53.087806][ T6159] RSP: 002b:00000000f503f55c EFLAGS: 00000296 ORIG_RAX: 0000000000000165 [ 53.090179][ T6159] RAX: ffffffffffffffda RBX: 000000000000001a RCX: 0000000020000200 [ 53.092442][ T6159] RDX: 0000000000000038 RSI: 0000000000000000 RDI: 0000000000000000 [ 53.094705][ T6159] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 53.096975][ T6159] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 53.099251][ T6159] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 53.101520][ T6159] [ 53.103330][ T65] Bluetooth: hci3: command tx timeout [ 53.103654][ T5943] Bluetooth: hci1: command tx timeout [ 53.104922][ T65] Bluetooth: hci2: command tx timeout [ 53.592027][ T57] usb 6-1: USB disconnect, device number 2 [ 54.155930][ T6221] netlink: 12 bytes leftover after parsing attributes in process `syz.1.43'. [ 54.438343][ T6227] netlink: 28 bytes leftover after parsing attributes in process `syz.0.45'. [ 54.441126][ T6227] netlink: 60 bytes leftover after parsing attributes in process `syz.0.45'. [ 54.446153][ T6227] overlayfs: missing 'lowerdir' [ 54.623609][ T6234] netlink: 12 bytes leftover after parsing attributes in process `syz.3.48'. [ 54.738204][ T6235] Sensor A: ================= START STATUS ================= [ 54.740493][ T6235] Sensor A: Test Pattern: 75% Colorbar [ 54.742423][ T6235] Sensor A: Show Information: All [ 54.744030][ T6235] Sensor A: Vertical Flip: false [ 54.745853][ T6235] Sensor A: Horizontal Flip: false [ 54.749634][ T6235] Sensor A: Brightness: 128 [ 54.751291][ T6235] Sensor A: Contrast: 128 [ 54.753148][ T6235] Sensor A: Hue: 0 [ 54.754411][ T6235] Sensor A: Saturation: 128 [ 54.755964][ T6235] Sensor A: ================== END STATUS ================== [ 55.801705][ T6251] netlink: 28 bytes leftover after parsing attributes in process `syz.1.53'. [ 56.141868][ T6275] ip6t_REJECT: TCP_RESET illegal for non-tcp [ 56.145121][ T6275] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 56.599510][ T6291] kernel read not supported for file /eth0 (pid: 6291 comm: syz.0.64) [ 56.603191][ T39] audit: type=1800 audit(1737419848.565:4): pid=6291 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.64" name="eth0" dev="mqueue" ino=10462 res=0 errno=0 [ 56.875339][ T6305] tipc: Started in network mode [ 56.877032][ T6305] tipc: Node identity 10000, cluster identity 4711 [ 56.878960][ T6305] tipc: Node number set to 65536 [ 57.368778][ T6315] usb usb8: usbfs: process 6315 (syz.0.73) did not claim interface 0 before use [ 57.376106][ T6315] netlink: 'syz.0.73': attribute type 10 has an invalid length. [ 57.785574][ T6330] syz.1.76 uses obsolete (PF_INET,SOCK_PACKET) [ 58.129366][ T6339] FAULT_INJECTION: forcing a failure. [ 58.129366][ T6339] name failslab, interval 1, probability 0, space 0, times 1 [ 58.133282][ T6339] CPU: 1 UID: 0 PID: 6339 Comm: syz.0.77 Not tainted 6.13.0-syzkaller #0 [ 58.135711][ T6339] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 58.138723][ T6339] Call Trace: [ 58.139679][ T6339] [ 58.140527][ T6339] dump_stack_lvl+0x16c/0x1f0 [ 58.141891][ T6339] should_fail_ex+0x497/0x5b0 [ 58.143228][ T6339] ? fs_reclaim_acquire+0xae/0x150 [ 58.144670][ T6339] should_failslab+0xc2/0x120 [ 58.146189][ T6339] kmem_cache_alloc_noprof+0x6e/0x3b0 [ 58.147711][ T6339] ? __kernfs_new_node+0xd3/0x890 [ 58.149135][ T6339] __kernfs_new_node+0xd3/0x890 [ 58.150464][ T6339] ? __pfx___kernfs_new_node+0x10/0x10 [ 58.151969][ T6339] ? mark_held_locks+0x9f/0xe0 [ 58.153284][ T6339] ? irqentry_exit+0x3b/0x90 [ 58.154511][ T6339] ? lockdep_hardirqs_on+0x7c/0x110 [ 58.155986][ T6339] kernfs_new_node+0x186/0x240 [ 58.157338][ T6339] __kernfs_create_file+0x53/0x350 [ 58.158717][ T6339] sysfs_add_file_mode_ns+0x1ff/0x3b0 [ 58.160174][ T6339] sysfs_create_file_ns+0x13e/0x1d0 [ 58.161662][ T6339] ? __pfx_sysfs_create_file_ns+0x10/0x10 [ 58.163215][ T6339] ? down_read+0xc9/0x330 [ 58.164428][ T6339] ? __pfx___up_read+0x10/0x10 [ 58.165775][ T6339] ? kobject_put+0xab/0x5a0 [ 58.167182][ T6339] device_create_file+0xf2/0x1e0 [ 58.168599][ T6339] device_add+0x2c0/0x1a70 [ 58.169897][ T6339] ? rcu_is_watching+0x12/0xc0 [ 58.171246][ T6339] ? __pfx_device_add+0x10/0x10 [ 58.172614][ T6339] ? kstrdup+0x8b/0xb0 [ 58.173804][ T6339] device_create_groups_vargs+0x1f8/0x270 [ 58.175452][ T6339] device_create+0xe9/0x130 [ 58.176762][ T6339] ? __pfx_device_create+0x10/0x10 [ 58.178401][ T6339] ? __pfx_vsnprintf+0x10/0x10 [ 58.179797][ T6339] ? __pfx___debug_object_init+0x10/0x10 [ 58.181358][ T6339] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 58.182960][ T6339] bdi_register_va+0x116/0x820 [ 58.184306][ T6339] ? __pfx_bdi_register_va+0x10/0x10 [ 58.185770][ T6339] ? do_init_timer+0xc9/0x110 [ 58.187244][ T6339] super_setup_bdi_name+0x100/0x250 [ 58.189036][ T6339] ? __pfx_super_setup_bdi_name+0x10/0x10 [ 58.191254][ T6339] ? shrinker_register+0x1a8/0x260 [ 58.193198][ T6339] afs_get_tree+0xc2d/0x14d0 [ 58.194485][ T6339] ? security_capable+0x7e/0x260 [ 58.195881][ T6339] vfs_get_tree+0x8f/0x380 [ 58.197158][ T6339] path_mount+0x6e1/0x1f00 [ 58.198391][ T6339] ? kmem_cache_free+0x152/0x4c0 [ 58.199747][ T6339] ? __pfx_path_mount+0x10/0x10 [ 58.201086][ T6339] ? putname+0x13c/0x180 [ 58.202252][ T6339] __ia32_sys_mount+0x292/0x310 [ 58.203614][ T6339] ? __pfx___ia32_sys_mount+0x10/0x10 [ 58.205140][ T6339] ? syscall_user_dispatch+0x77/0x140 [ 58.206696][ T6339] __do_fast_syscall_32+0x73/0x120 [ 58.208159][ T6339] do_fast_syscall_32+0x32/0x80 [ 58.209560][ T6339] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 58.211308][ T6339] RIP: 0023:0xf706e579 [ 58.212410][ T6339] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 58.217764][ T6339] RSP: 002b:00000000f501e55c EFLAGS: 00000296 ORIG_RAX: 0000000000000015 [ 58.220149][ T6339] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00000000200001c0 [ 58.222302][ T6339] RDX: 00000000200002c0 RSI: 0000000000000000 RDI: 0000000020000580 [ 58.224811][ T6339] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 58.227023][ T6339] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 58.229555][ T6339] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 58.232248][ T6339] [ 59.211761][ T8] usb 6-1: new high-speed USB device number 3 using dummy_hcd [ 59.361896][ T8] usb 6-1: too many configurations: 9, using maximum allowed: 8 [ 59.364897][ T8] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 59.367382][ T8] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 59.370445][ T8] usb 6-1: config 0 interface 0 has no altsetting 0 [ 59.377319][ T8] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 59.379940][ T8] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 59.383856][ T8] usb 6-1: config 0 interface 0 has no altsetting 0 [ 59.386545][ T8] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 59.389112][ T8] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 59.392412][ T8] usb 6-1: config 0 interface 0 has no altsetting 0 [ 59.395133][ T8] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 59.397820][ T8] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 59.400926][ T8] usb 6-1: config 0 interface 0 has no altsetting 0 [ 59.403940][ T8] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 59.406669][ T8] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 59.409796][ T8] usb 6-1: config 0 interface 0 has no altsetting 0 [ 59.412735][ T8] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 59.415325][ T8] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 59.418740][ T8] usb 6-1: config 0 interface 0 has no altsetting 0 [ 59.421586][ T8] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 59.424327][ T8] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 59.427446][ T8] usb 6-1: config 0 interface 0 has no altsetting 0 [ 59.430066][ T8] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 59.433221][ T8] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 59.436271][ T8] usb 6-1: config 0 interface 0 has no altsetting 0 [ 59.440311][ T8] usb 6-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e [ 59.445554][ T8] usb 6-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168 [ 59.448009][ T8] usb 6-1: Product: syz [ 59.449222][ T8] usb 6-1: Manufacturer: syz [ 59.450556][ T8] usb 6-1: SerialNumber: syz [ 59.455511][ T8] usb 6-1: config 0 descriptor?? [ 59.463601][ T8] yurex 6-1:0.0: USB YUREX device now attached to Yurex #0 [ 60.701337][ T5307] usb 7-1: new high-speed USB device number 3 using dummy_hcd [ 60.872316][ T5307] usb 7-1: Using ep0 maxpacket: 32 [ 60.880168][ T5307] usb 7-1: config index 0 descriptor too short (expected 156, got 27) [ 60.884843][ T5307] usb 7-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30 [ 60.891525][ T5307] usb 7-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 7 [ 60.901176][ T5307] usb 7-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144 [ 60.906349][ T5307] usb 7-1: config 0 interface 0 has no altsetting 0 [ 60.913138][ T5307] usb 7-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66 [ 60.915895][ T5307] usb 7-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172 [ 60.918278][ T5307] usb 7-1: Product: syz [ 60.919567][ T5307] usb 7-1: Manufacturer: syz [ 60.920951][ T5307] usb 7-1: SerialNumber: syz [ 60.925853][ T5307] usb 7-1: config 0 descriptor?? [ 60.933550][ T5307] ldusb 7-1:0.0: Interrupt out endpoint not found (using control endpoint instead) [ 60.945398][ T5307] ldusb 7-1:0.0: LD USB Device #1 now attached to major 180 minor 1 [ 61.244024][ T6437] netlink: 'syz.0.97': attribute type 10 has an invalid length. [ 61.246370][ T6437] netlink: 40 bytes leftover after parsing attributes in process `syz.0.97'. [ 61.249219][ T6437] team0: entered promiscuous mode [ 61.250725][ T6437] team_slave_0: entered promiscuous mode [ 61.255128][ T6437] team_slave_1: entered promiscuous mode [ 61.256943][ T6437] team0: entered allmulticast mode [ 61.258507][ T6437] team_slave_0: entered allmulticast mode [ 61.260233][ T6437] team_slave_1: entered allmulticast mode [ 61.262665][ T6437] bridge0: port 3(team0) entered blocking state [ 61.264549][ T6437] bridge0: port 3(team0) entered disabled state [ 61.268602][ T6437] bridge0: port 3(team0) entered blocking state [ 61.271017][ T6437] bridge0: port 3(team0) entered forwarding state [ 61.731275][ C0] usb 6-1: yurex_control_callback - control failed: -2 [ 61.734108][ T2293] usb 6-1: USB disconnect, device number 3 [ 61.738436][ T2293] yurex 6-1:0.0: USB YUREX #0 now disconnected [ 62.487924][ T6471] ISOFS: Unable to identify CD-ROM format. [ 62.948232][ T6478] can0: slcan on ttyS3. [ 63.411224][ T5305] Bluetooth: hci3: command 0x0405 tx timeout [ 63.471012][ T5307] usb 7-1: USB disconnect, device number 3 [ 63.486052][ T5307] ldusb 7-1:0.0: LD USB Device #1 now disconnected [ 63.666441][ T6493] netlink: 8 bytes leftover after parsing attributes in process `syz.3.111'. [ 63.681681][ T6475] can0 (unregistered): slcan off ttyS3. [ 63.710495][ T6503] vlan2: entered allmulticast mode [ 63.712098][ T6503] mac80211_hwsim hwsim5 wlan1: entered allmulticast mode [ 63.716549][ T6503] mac80211_hwsim hwsim5 wlan1: left allmulticast mode [ 63.802540][ T6508] Cannot find map_set index 0 as target [ 63.890106][ T6512] Cannot find add_set index 0 as target [ 63.986911][ T6516] netlink: 20 bytes leftover after parsing attributes in process `syz.3.117'. [ 64.813368][ T6532] netlink: 'syz.2.121': attribute type 4 has an invalid length. [ 64.815982][ T6532] netlink: 3657 bytes leftover after parsing attributes in process `syz.2.121'. [ 64.916547][ T6537] netdevsim netdevsim1: Direct firmware load for printk failed with error -2 [ 64.919190][ T6537] netdevsim netdevsim1: Falling back to sysfs fallback for: printk [ 64.952776][ T39] audit: type=1326 audit(1737419856.915:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6541 comm="syz.3.126" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf7f68579 code=0x0 [ 65.061266][ T6551] netlink: 8 bytes leftover after parsing attributes in process `syz.2.128'. [ 65.731277][ T5305] Bluetooth: hci3: command 0x0405 tx timeout [ 65.744083][ T6533] [U] vÔ3 [ 65.946395][ T6577] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 66.179463][ T6585] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 66.243820][ T6585] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 66.332758][ T6585] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 66.385730][ T39] audit: type=1326 audit(1737419858.345:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6592 comm="syz.2.136" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fe3579 code=0x7ffc0000 [ 66.393784][ T39] audit: type=1326 audit(1737419858.345:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6592 comm="syz.2.136" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fe3579 code=0x7ffc0000 [ 66.402099][ T39] audit: type=1326 audit(1737419858.345:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6592 comm="syz.2.136" exe="/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf7fe3579 code=0x7ffc0000 [ 66.409944][ T39] audit: type=1326 audit(1737419858.345:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6592 comm="syz.2.136" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fe3579 code=0x7ffc0000 [ 66.417895][ T39] audit: type=1326 audit(1737419858.345:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6592 comm="syz.2.136" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fe3579 code=0x7ffc0000 [ 66.425984][ T39] audit: type=1326 audit(1737419858.345:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6592 comm="syz.2.136" exe="/syz-executor" sig=0 arch=40000003 syscall=148 compat=1 ip=0xf7fe3579 code=0x7ffc0000 [ 66.433462][ T39] audit: type=1326 audit(1737419858.345:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6592 comm="syz.2.136" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fe3579 code=0x7ffc0000 [ 66.439654][ T39] audit: type=1326 audit(1737419858.345:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6592 comm="syz.2.136" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fe3579 code=0x7ffc0000 [ 66.445928][ T39] audit: type=1326 audit(1737419858.345:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6592 comm="syz.2.136" exe="/syz-executor" sig=0 arch=40000003 syscall=365 compat=1 ip=0xf7fe3579 code=0x7ffc0000 [ 66.455521][ T6585] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 66.491349][ T8] usb 6-1: new high-speed USB device number 4 using dummy_hcd [ 66.540428][ T6585] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 66.545565][ T6585] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 66.552823][ T6585] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 66.557370][ T6585] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 66.614113][ T6602] loop7: detected capacity change from 0 to 16384 [ 66.710595][ T6604] Cannot find set identified by id 0 to match [ 66.864729][ T8] usb 6-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 66.867278][ T8] usb 6-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 66.870223][ T8] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 66.872895][ T8] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9 [ 66.876021][ T8] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024 [ 66.880318][ T8] usb 6-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 66.882970][ T8] usb 6-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 66.885238][ T8] usb 6-1: Product: syz [ 66.886486][ T8] usb 6-1: Manufacturer: syz [ 66.903158][ T8] cdc_wdm 6-1:1.0: skipping garbage [ 66.904699][ T8] cdc_wdm 6-1:1.0: skipping garbage [ 66.907426][ T8] cdc_wdm 6-1:1.0: cdc-wdm0: USB WDM device [ 66.909143][ T8] cdc_wdm 6-1:1.0: Unknown control protocol [ 67.041208][ T5307] usb 7-1: new high-speed USB device number 4 using dummy_hcd [ 67.182222][ T5977] usb 6-1: USB disconnect, device number 4 [ 67.182256][ C1] cdc_wdm 6-1:1.0: nonzero urb status received: -71 [ 67.187021][ C1] cdc_wdm 6-1:1.0: wdm_int_callback - 0 bytes [ 67.189263][ C1] cdc_wdm 6-1:1.0: wdm_int_callback - usb_submit_urb failed with result -19 [ 67.198477][ T6620] netlink: 40 bytes leftover after parsing attributes in process `syz.3.145'. [ 67.205178][ T5307] usb 7-1: config 1 contains an unexpected descriptor of type 0x2, skipping [ 67.214179][ T5307] usb 7-1: config 1 has an invalid descriptor of length 1, skipping remainder of the config [ 67.217913][ T5307] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 67.224340][ T5307] usb 7-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 67.227681][ T5307] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 67.230655][ T5307] usb 7-1: Product: syz [ 67.233233][ T5307] usb 7-1: Manufacturer: syz [ 67.235035][ T5307] usb 7-1: SerialNumber: syz [ 67.461526][ T9] usb 8-1: new high-speed USB device number 2 using dummy_hcd [ 67.612398][ T9] usb 8-1: too many configurations: 9, using maximum allowed: 8 [ 67.614953][ T6631] netlink: 'syz.0.148': attribute type 33 has an invalid length. [ 67.616697][ T9] usb 8-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 67.618963][ T6631] netlink: 152 bytes leftover after parsing attributes in process `syz.0.148'. [ 67.622005][ T9] usb 8-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 67.629512][ T9] usb 8-1: config 0 interface 0 has no altsetting 0 [ 67.631158][ T12] bridge0: port 3(team0) entered disabled state [ 67.637285][ T9] usb 8-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 67.640640][ T9] usb 8-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 67.645844][ T9] usb 8-1: config 0 interface 0 has no altsetting 0 [ 67.651646][ T9] usb 8-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 67.655123][ T9] usb 8-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 67.659268][ T9] usb 8-1: config 0 interface 0 has no altsetting 0 [ 67.671569][ T9] usb 8-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 67.675028][ T9] usb 8-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 67.679077][ T9] usb 8-1: config 0 interface 0 has no altsetting 0 [ 67.685089][ T9] usb 8-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 67.688660][ T9] usb 8-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 67.693109][ T9] usb 8-1: config 0 interface 0 has no altsetting 0 [ 67.697380][ T9] usb 8-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 67.701309][ T9] usb 8-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 67.705486][ T9] usb 8-1: config 0 interface 0 has no altsetting 0 [ 67.709391][ T9] usb 8-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 67.712945][ T9] usb 8-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 67.717308][ T9] usb 8-1: config 0 interface 0 has no altsetting 0 [ 67.722519][ T9] usb 8-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 67.726042][ T9] usb 8-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 67.730235][ T9] usb 8-1: config 0 interface 0 has no altsetting 0 [ 67.735854][ T9] usb 8-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e [ 67.739778][ T9] usb 8-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168 [ 67.743076][ T9] usb 8-1: Product: syz [ 67.744822][ T9] usb 8-1: Manufacturer: syz [ 67.746706][ T9] usb 8-1: SerialNumber: syz [ 67.750165][ T9] usb 8-1: config 0 descriptor?? [ 67.757427][ T9] yurex 8-1:0.0: USB YUREX device now attached to Yurex #0 [ 68.007829][ C0] usb 8-1: yurex_control_callback - control failed: -71 [ 68.008005][ T5977] usb 8-1: USB disconnect, device number 2 [ 68.014095][ T5977] yurex 8-1:0.0: USB YUREX #0 now disconnected [ 68.041152][ T9] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 68.201173][ T9] usb 5-1: Using ep0 maxpacket: 8 [ 68.212147][ T9] usb 5-1: config index 0 descriptor too short (expected 301, got 45) [ 68.214587][ T9] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 68.218236][ T9] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 68.218253][ T9] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 68.218265][ T9] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 68.218285][ T9] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 68.218296][ T9] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 68.421993][ T9] usb 5-1: GET_CAPABILITIES returned 0 [ 68.423602][ T9] usbtmc 5-1:16.0: can't read capabilities [ 68.830378][ T6658] Driver unsupported XDP return value 0 on prog (id 20) dev N/A, expect packet loss! [ 69.014550][ T6663] FAULT_INJECTION: forcing a failure. [ 69.014550][ T6663] name failslab, interval 1, probability 0, space 0, times 0 [ 69.019369][ T6663] CPU: 0 UID: 0 PID: 6663 Comm: syz.3.157 Not tainted 6.13.0-syzkaller #0 [ 69.022594][ T6663] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 69.026666][ T6663] Call Trace: [ 69.027895][ T6663] [ 69.029051][ T6663] dump_stack_lvl+0x16c/0x1f0 [ 69.030879][ T6663] should_fail_ex+0x497/0x5b0 [ 69.032687][ T6663] ? fs_reclaim_acquire+0xae/0x150 [ 69.034298][ T6663] should_failslab+0xc2/0x120 [ 69.035683][ T6663] __kmalloc_cache_noprof+0x68/0x420 [ 69.037211][ T6663] rtnl_newlink+0x108/0x1d70 [ 69.038539][ T6663] ? hlock_class+0x4e/0x130 [ 69.039843][ T6663] ? __lock_acquire+0xcc5/0x3c40 [ 69.041240][ T6663] ? __pfx_rtnl_newlink+0x10/0x10 [ 69.042673][ T6663] ? __pfx___lock_acquire+0x10/0x10 [ 69.044164][ T6663] ? kmem_cache_free+0x152/0x4c0 [ 69.045585][ T6663] ? aa_get_newest_label+0x376/0x680 [ 69.047096][ T6663] ? find_held_lock+0x2d/0x110 [ 69.048462][ T6663] ? find_held_lock+0x2d/0x110 [ 69.049834][ T6663] ? rtnetlink_rcv_msg+0x93a/0xea0 [ 69.051299][ T6663] ? __pfx_lock_release+0x10/0x10 [ 69.052741][ T6663] ? trace_lock_acquire+0x14e/0x1f0 [ 69.054234][ T6663] ? __pfx_rtnl_newlink+0x10/0x10 [ 69.055682][ T6663] rtnetlink_rcv_msg+0x95b/0xea0 [ 69.057126][ T6663] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 69.058682][ T6663] ? __pfx___dev_queue_xmit+0x10/0x10 [ 69.060217][ T6663] netlink_rcv_skb+0x165/0x410 [ 69.061578][ T6663] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 69.063129][ T6663] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 69.064638][ T6663] ? netlink_deliver_tap+0x1ae/0xca0 [ 69.066141][ T6663] netlink_unicast+0x53c/0x7f0 [ 69.067498][ T6663] ? __pfx_netlink_unicast+0x10/0x10 [ 69.068997][ T6663] ? __phys_addr_symbol+0x30/0x80 [ 69.070425][ T6663] ? __check_object_size+0x488/0x710 [ 69.071943][ T6663] netlink_sendmsg+0x8b8/0xd70 [ 69.073294][ T6663] ? __pfx_netlink_sendmsg+0x10/0x10 [ 69.074803][ T6663] ____sys_sendmsg+0x9ae/0xb40 [ 69.076172][ T6663] ? __pfx_____sys_sendmsg+0x10/0x10 [ 69.077672][ T6663] ? get_compat_msghdr+0x11b/0x170 [ 69.079112][ T6663] ___sys_sendmsg+0x135/0x1e0 [ 69.080456][ T6663] ? __pfx____sys_sendmsg+0x10/0x10 [ 69.081955][ T6663] ? __pfx_lock_release+0x10/0x10 [ 69.083394][ T6663] ? trace_lock_acquire+0x14e/0x1f0 [ 69.084892][ T6663] ? __fget_files+0x206/0x3a0 [ 69.086247][ T6663] __sys_sendmsg+0x16e/0x220 [ 69.087587][ T6663] ? __pfx___sys_sendmsg+0x10/0x10 [ 69.089074][ T6663] __do_fast_syscall_32+0x73/0x120 [ 69.090547][ T6663] do_fast_syscall_32+0x32/0x80 [ 69.091952][ T6663] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 69.093766][ T6663] RIP: 0023:0xf7f68579 [ 69.094938][ T6663] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 69.100342][ T6663] RSP: 002b:00000000f509555c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 69.102710][ T6663] RAX: ffffffffffffffda RBX: 0000000000000007 RCX: 0000000020000000 [ 69.104954][ T6663] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 69.107205][ T6663] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 69.109477][ T6663] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 69.111713][ T6663] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 69.113961][ T6663] [ 69.539245][ T5307] usb 7-1: 0:2 : does not exist [ 69.558047][ T5307] usb 7-1: USB disconnect, device number 4 [ 69.755892][ T6155] udevd[6155]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb7/7-1/7-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 70.769465][ T6682] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check. [ 70.774800][ T1412] ieee802154 phy0 wpan0: encryption failed: -22 [ 70.776819][ T1412] ieee802154 phy1 wpan1: encryption failed: -22 [ 70.834558][ T6684] netlink: 8 bytes leftover after parsing attributes in process `syz.3.166'. [ 70.837567][ T833] usb 5-1: USB disconnect, device number 3 [ 71.436075][ T104] Bluetooth: hci4: Frame reassembly failed (-84) [ 73.034372][ T6747] netlink: 8 bytes leftover after parsing attributes in process `syz.2.179'. [ 73.491256][ T65] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 73.491311][ T5305] Bluetooth: hci4: command 0x1003 tx timeout [ 73.697805][ T6762] mmap: syz.3.184 (6762) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 74.213640][ T6771] netlink: 'syz.2.186': attribute type 10 has an invalid length. [ 74.226228][ T6771] netlink: 'syz.2.186': attribute type 10 has an invalid length. [ 74.236222][ T6771] team0: Port device netdevsim0 removed [ 74.244844][ T6771] bond0: (slave netdevsim0): Enslaving as an active interface with an up link [ 74.257461][ T65] Bluetooth: hci3: unexpected event for opcode 0x0000 [ 74.684843][ T6784] netlink: 4 bytes leftover after parsing attributes in process `syz.3.191'. [ 74.742745][ T833] usb 5-1: new high-speed USB device number 4 using dummy_hcd [ 74.892902][ T833] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 0, changing to 7 [ 74.895857][ T833] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 74.898620][ T833] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8A has an invalid bInterval 0, changing to 7 [ 74.904555][ T833] usb 5-1: New USB device found, idVendor=0a07, idProduct=00d0, bcdDevice=10.13 [ 74.907109][ T833] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 74.909300][ T833] usb 5-1: Product: syz [ 74.910461][ T833] usb 5-1: Manufacturer: syz [ 74.913378][ T833] usb 5-1: SerialNumber: syz [ 74.915645][ T833] usb 5-1: config 0 descriptor?? [ 74.976616][ T6793] netlink: 4 bytes leftover after parsing attributes in process `syz.1.195'. [ 75.126526][ T833] adutux 5-1:0.0: ADU208 4242424 now attached to /dev/usb/adutux0 [ 75.138904][ T6802] netlink: 'syz.2.198': attribute type 12 has an invalid length. [ 75.232419][ T6809] netlink: 4 bytes leftover after parsing attributes in process `syz.2.199'. [ 75.239133][ T6809] bridge0: port 2(bridge_slave_1) entered disabled state [ 75.279735][ T6809] bridge_slave_1 (unregistering): left allmulticast mode [ 75.282860][ T6809] bridge_slave_1 (unregistering): left promiscuous mode [ 75.284886][ T6809] bridge0: port 2(bridge_slave_1) entered disabled state [ 75.336107][ T833] usb 5-1: USB disconnect, device number 4 [ 75.355811][ T6780] netlink: 'syz.0.189': attribute type 5 has an invalid length. [ 75.899523][ T6827] netlink: 'syz.0.201': attribute type 4 has an invalid length. [ 75.904205][ T6827] netlink: 152 bytes leftover after parsing attributes in process `syz.0.201'. [ 76.205614][ T6836] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 76.207558][ T6836] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 76.218780][ T6836] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 76.224161][ T6836] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 76.227102][ T6836] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 76.233868][ T6836] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 76.247537][ T6836] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 76.249503][ T6836] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 76.252770][ T6836] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 76.370099][ T6855] netlink: 'syz.0.205': attribute type 4 has an invalid length. [ 76.408268][ T6859] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 76.529257][ T6870] netlink: 'syz.0.210': attribute type 9 has an invalid length. [ 76.899003][ T6878] 9pnet: Unknown protocol version 9p200 [ 76.908924][ T6878] lo speed is unknown, defaulting to 1000 [ 76.915147][ T6878] lo speed is unknown, defaulting to 1000 [ 76.937228][ T6878] lo speed is unknown, defaulting to 1000 [ 76.971436][ T6878] iwpm_register_pid: Unable to send a nlmsg (client = 2) [ 76.996451][ T6878] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98 [ 77.043968][ T6878] lo speed is unknown, defaulting to 1000 [ 77.052213][ T6878] lo speed is unknown, defaulting to 1000 [ 77.056362][ T6878] lo speed is unknown, defaulting to 1000 [ 77.060760][ T6878] lo speed is unknown, defaulting to 1000 [ 77.625099][ T6892] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 77.877798][ T6902] 9pnet_fd: Insufficient options for proto=fd [ 78.133275][ T65] Bluetooth: hci1: command 0x0c1a tx timeout [ 78.151194][ T5307] usb 7-1: new high-speed USB device number 5 using dummy_hcd [ 78.292523][ T65] Bluetooth: hci3: command 0x0405 tx timeout [ 78.294428][ T65] Bluetooth: hci2: command 0x0c1a tx timeout [ 78.303451][ T5307] usb 7-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0 [ 78.306250][ T5307] usb 7-1: config 0 interface 0 has no altsetting 0 [ 78.311269][ T5307] usb 7-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 78.314901][ T5307] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 78.321163][ T5307] usb 7-1: Product: syz [ 78.322433][ T5307] usb 7-1: Manufacturer: syz [ 78.323797][ T5307] usb 7-1: SerialNumber: syz [ 78.330248][ T5307] usb 7-1: config 0 descriptor?? [ 78.335556][ T5307] usb 7-1: selecting invalid altsetting 0 [ 78.550130][ T5307] usb 7-1: USB disconnect, device number 5 [ 78.730627][ T39] kauditd_printk_skb: 15 callbacks suppressed [ 78.730637][ T39] audit: type=1326 audit(1737419870.685:30): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6938 comm="syz.1.228" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f16579 code=0x7ffc0000 [ 78.741000][ T39] audit: type=1326 audit(1737419870.685:31): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6938 comm="syz.1.228" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f16579 code=0x7ffc0000 [ 78.747173][ T39] audit: type=1326 audit(1737419870.695:32): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6938 comm="syz.1.228" exe="/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf7f16579 code=0x7ffc0000 [ 78.755717][ T39] audit: type=1326 audit(1737419870.695:33): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6938 comm="syz.1.228" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f16579 code=0x7ffc0000 [ 78.762327][ T39] audit: type=1326 audit(1737419870.695:34): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6938 comm="syz.1.228" exe="/syz-executor" sig=0 arch=40000003 syscall=345 compat=1 ip=0xf7f16579 code=0x7ffc0000 [ 78.770265][ T39] audit: type=1326 audit(1737419870.695:35): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6938 comm="syz.1.228" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f16579 code=0x7ffc0000 [ 78.778367][ T39] audit: type=1326 audit(1737419870.695:36): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6938 comm="syz.1.228" exe="/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf7f16579 code=0x7ffc0000 [ 78.785120][ T39] audit: type=1326 audit(1737419870.695:37): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6938 comm="syz.1.228" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f16579 code=0x7ffc0000 [ 78.793697][ T39] audit: type=1326 audit(1737419870.695:38): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6938 comm="syz.1.228" exe="/syz-executor" sig=0 arch=40000003 syscall=365 compat=1 ip=0xf7f16579 code=0x7ffc0000 [ 78.796309][ T6941] netlink: 12 bytes leftover after parsing attributes in process `syz.1.229'. [ 78.804389][ T39] audit: type=1326 audit(1737419870.695:39): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6938 comm="syz.1.228" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f16579 code=0x7ffc0000 [ 79.360459][ T6963] netlink: 'syz.1.237': attribute type 4 has an invalid length. [ 79.363099][ T6963] netlink: 17 bytes leftover after parsing attributes in process `syz.1.237'. [ 79.374692][ T6963] openvswitch: netlink: IP tunnel TTL not specified. [ 79.915421][ T6978] 9pnet: Unknown protocol version 9p200 [ 79.916585][ T6976] netlink: 60 bytes leftover after parsing attributes in process `syz.0.242'. [ 79.916591][ T6975] netlink: 60 bytes leftover after parsing attributes in process `syz.0.242'. [ 80.148959][ T6982] overlay: Unknown parameter 'pcr' [ 80.221169][ T5305] Bluetooth: hci1: command 0x0c1a tx timeout [ 80.371802][ T5305] Bluetooth: hci2: command 0x0c1a tx timeout [ 80.374358][ T65] Bluetooth: hci3: command 0x0405 tx timeout [ 80.402643][ T7005] overlayfs: failed to resolve './file0': -2 [ 80.631201][ T5307] usb 7-1: new high-speed USB device number 6 using dummy_hcd [ 80.781165][ T5307] usb 7-1: Using ep0 maxpacket: 16 [ 80.783825][ T5307] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 80.786766][ T5307] usb 7-1: config 0 has no interfaces? [ 80.789387][ T5307] usb 7-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f [ 80.792752][ T5307] usb 7-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3 [ 80.795069][ T5307] usb 7-1: Product: syz [ 80.796290][ T5307] usb 7-1: SerialNumber: syz [ 80.801820][ T5307] usb 7-1: config 0 descriptor?? [ 81.036667][ T1336] cfg80211: failed to load regulatory.db [ 81.056386][ T7013] netlink: 24 bytes leftover after parsing attributes in process `syz.0.250'. [ 81.059264][ T7013] netlink: 24 bytes leftover after parsing attributes in process `syz.0.250'. [ 81.061492][ T5307] usb 7-1: USB disconnect, device number 6 [ 81.193885][ T7016] netlink: 4 bytes leftover after parsing attributes in process `syz.0.251'. [ 81.199025][ T7016] gretap0: entered promiscuous mode [ 81.200824][ T7016] macvtap1: entered promiscuous mode [ 81.203136][ T7016] macvtap1: entered allmulticast mode [ 81.204709][ T7016] gretap0: entered allmulticast mode [ 81.998403][ T7048] 9pnet: Unknown protocol version 9p200 [ 82.292739][ T65] Bluetooth: hci1: command 0x0c1a tx timeout [ 82.411630][ T7053] netlink: 24 bytes leftover after parsing attributes in process `syz.0.266'. [ 82.452679][ T65] Bluetooth: hci3: command 0x0405 tx timeout [ 82.452749][ T5305] Bluetooth: hci2: command 0x0c1a tx timeout [ 82.611991][ T5997] usb 6-1: new high-speed USB device number 5 using dummy_hcd [ 82.659689][ T5305] Bluetooth: hci3: ACL packet for unknown connection handle 200 [ 82.772833][ T5997] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 0, changing to 7 [ 82.779020][ T5997] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 82.784506][ T5997] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x8A has an invalid bInterval 0, changing to 7 [ 82.792455][ T5997] usb 6-1: New USB device found, idVendor=0a07, idProduct=00d0, bcdDevice=10.13 [ 82.794987][ T5997] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 82.797317][ T5997] usb 6-1: Product: syz [ 82.798522][ T5997] usb 6-1: Manufacturer: syz [ 82.799870][ T5997] usb 6-1: SerialNumber: syz [ 82.832927][ T5997] usb 6-1: config 0 descriptor?? [ 82.862783][ T7063] FAULT_INJECTION: forcing a failure. [ 82.862783][ T7063] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 82.868277][ T7063] CPU: 3 UID: 0 PID: 7063 Comm: syz.3.261 Not tainted 6.13.0-syzkaller #0 [ 82.871510][ T7063] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 82.875637][ T7063] Call Trace: [ 82.876992][ T7063] [ 82.878223][ T7063] dump_stack_lvl+0x16c/0x1f0 [ 82.880074][ T7063] should_fail_ex+0x497/0x5b0 [ 82.881916][ T7063] _copy_to_user+0x32/0xd0 [ 82.883656][ T7063] put_old_timespec32+0x194/0x1e0 [ 82.885616][ T7063] ? __pfx_put_old_timespec32+0x10/0x10 [ 82.887726][ T7063] ? read_tsc+0x9/0x20 [ 82.889319][ T7063] ? ktime_get_ts64+0x256/0x400 [ 82.891210][ T7063] poll_select_finish+0x5c4/0x6b0 [ 82.893160][ T7063] ? __pfx_poll_select_finish+0x10/0x10 [ 82.895298][ T7063] ? lockdep_hardirqs_on+0x7c/0x110 [ 82.897273][ T7063] ? _raw_spin_unlock_irq+0x2e/0x50 [ 82.899264][ T7063] __ia32_compat_sys_ppoll_time32+0x25c/0x2c0 [ 82.901642][ T7063] ? __pfx___ia32_compat_sys_ppoll_time32+0x10/0x10 [ 82.904139][ T7063] ? __secure_computing+0x273/0x3f0 [ 82.906134][ T7063] do_int80_emulation+0x104/0x200 [ 82.908067][ T7063] asm_int80_emulation+0x1a/0x20 [ 82.909953][ T7063] RIP: 0023:0xf7f68579 [ 82.911495][ T7063] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 82.918504][ T7063] RSP: 002b:00000000f509555c EFLAGS: 00000296 ORIG_RAX: 0000000000000135 [ 82.921667][ T7063] RAX: ffffffffffffffda RBX: 0000000020000280 RCX: 0000000000000003 [ 82.924639][ T7063] RDX: 0000000020000300 RSI: 00000000200003c0 RDI: 0000000000000008 [ 82.927688][ T7063] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 82.930642][ T7063] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 82.933580][ T7063] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 82.936593][ T7063] [ 82.971416][ T2293] usb 8-1: new high-speed USB device number 3 using dummy_hcd [ 83.050037][ T5997] adutux 6-1:0.0: ADU208 4242424 now attached to /dev/usb/adutux0 [ 83.252659][ T5307] usb 6-1: USB disconnect, device number 5 [ 83.376289][ T7051] netlink: 'syz.1.258': attribute type 5 has an invalid length. [ 85.225307][ T5305] ================================================================== [ 85.228523][ T5305] BUG: KASAN: slab-use-after-free in l2cap_sock_ready_cb+0x16a/0x170 [ 85.231603][ T5305] Read of size 8 at addr ffff888063add188 by task kworker/u33:1/5305 [ 85.236062][ T5305] [ 85.237021][ T5305] CPU: 3 UID: 0 PID: 5305 Comm: kworker/u33:1 Not tainted 6.13.0-syzkaller #0 [ 85.240319][ T5305] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 85.244370][ T5305] Workqueue: hci1 hci_rx_work [ 85.246209][ T5305] Call Trace: [ 85.247520][ T5305] [ 85.248685][ T5305] dump_stack_lvl+0x116/0x1f0 [ 85.250500][ T5305] print_report+0xc3/0x620 [ 85.252224][ T5305] ? __virt_addr_valid+0x5e/0x590 [ 85.254143][ T5305] ? __phys_addr+0xc6/0x150 [ 85.255890][ T5305] kasan_report+0xd9/0x110 [ 85.257619][ T5305] ? l2cap_sock_ready_cb+0x16a/0x170 [ 85.259654][ T5305] ? l2cap_sock_ready_cb+0x16a/0x170 [ 85.261707][ T5305] l2cap_sock_ready_cb+0x16a/0x170 [ 85.263490][ T5305] l2cap_le_start+0x1ec/0xe30 [ 85.265086][ T5305] ? __pfx___mutex_lock+0x10/0x10 [ 85.266785][ T5305] ? __pfx_l2cap_le_start+0x10/0x10 [ 85.268515][ T5305] ? __pfx_l2cap_global_fixed_chan+0x10/0x10 [ 85.270506][ T5305] ? __l2cap_chan_add+0x3db/0xa20 [ 85.272214][ T5305] l2cap_connect_cfm+0x9a9/0xf10 [ 85.273897][ T5305] ? __pfx_l2cap_connect_cfm+0x10/0x10 [ 85.275720][ T5305] ? hci_cb_lookup+0x319/0x4e0 [ 85.277380][ T5305] ? __pfx_l2cap_connect_cfm+0x10/0x10 [ 85.279208][ T5305] le_conn_complete_evt+0x1623/0x1d10 [ 85.281027][ T5305] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 85.282922][ T5305] hci_le_conn_complete_evt+0x23c/0x370 [ 85.284780][ T5305] hci_le_meta_evt+0x2e2/0x5d0 [ 85.286389][ T5305] ? __pfx_hci_le_conn_complete_evt+0x10/0x10 [ 85.288442][ T5305] hci_event_packet+0x666/0x1190 [ 85.290130][ T5305] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 85.291888][ T5305] ? __pfx_hci_event_packet+0x10/0x10 [ 85.293687][ T5305] ? mark_held_locks+0x9f/0xe0 [ 85.295316][ T5305] ? kcov_remote_start+0x3cf/0x6e0 [ 85.297053][ T5305] ? lockdep_hardirqs_on+0x7c/0x110 [ 85.298781][ T5305] hci_rx_work+0x2c5/0x16b0 [ 85.300164][ T5305] ? process_one_work+0x8bb/0x1b30 [ 85.301891][ T5305] process_one_work+0x958/0x1b30 [ 85.303538][ T5305] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 85.305400][ T5305] ? __pfx_process_one_work+0x10/0x10 [ 85.307192][ T5305] ? rcu_is_watching+0x12/0xc0 [ 85.308828][ T5305] ? assign_work+0x1a0/0x250 [ 85.310391][ T5305] worker_thread+0x6c8/0xf00 [ 85.311964][ T5305] ? __pfx_worker_thread+0x10/0x10 [ 85.313679][ T5305] kthread+0x2c1/0x3a0 [ 85.315030][ T5305] ? _raw_spin_unlock_irq+0x23/0x50 [ 85.316817][ T5305] ? __pfx_kthread+0x10/0x10 [ 85.318401][ T5305] ret_from_fork+0x45/0x80 [ 85.319905][ T5305] ? __pfx_kthread+0x10/0x10 [ 85.321504][ T5305] ret_from_fork_asm+0x1a/0x30 [ 85.323136][ T5305] [ 85.324181][ T5305] [ 85.325005][ T5305] Allocated by task 7110: [ 85.326475][ T5305] kasan_save_stack+0x33/0x60 [ 85.328082][ T5305] kasan_save_track+0x14/0x30 [ 85.329682][ T5305] __kasan_kmalloc+0xaa/0xb0 [ 85.331222][ T5305] __kmalloc_noprof+0x21a/0x4f0 [ 85.332872][ T5305] sk_prot_alloc+0x1a8/0x2a0 [ 85.334417][ T5305] sk_alloc+0x36/0xb90 [ 85.335804][ T5305] bt_sock_alloc+0x3b/0x3a0 [ 85.337357][ T5305] l2cap_sock_alloc.constprop.0+0x33/0x1c0 [ 85.339294][ T5305] l2cap_sock_create+0x123/0x1f0 [ 85.340936][ T5305] bt_sock_create+0x182/0x350 [ 85.342508][ T5305] __sock_create+0x335/0x8d0 [ 85.344059][ T5305] __sys_socket+0x14f/0x260 [ 85.345570][ T5305] __ia32_sys_socket+0x72/0xb0 [ 85.347203][ T5305] __do_fast_syscall_32+0x73/0x120 [ 85.348910][ T5305] do_fast_syscall_32+0x32/0x80 [ 85.350518][ T5305] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 85.352638][ T5305] [ 85.353454][ T5305] Freed by task 7110: [ 85.354800][ T5305] kasan_save_stack+0x33/0x60 [ 85.356377][ T5305] kasan_save_track+0x14/0x30 [ 85.357869][ T5305] kasan_save_free_info+0x3b/0x60 [ 85.359552][ T5305] __kasan_slab_free+0x51/0x70 [ 85.361219][ T5305] kfree+0x14f/0x4b0 [ 85.362564][ T5305] __sk_destruct+0x5eb/0x720 [ 85.364118][ T5305] sk_destruct+0xc2/0xf0 [ 85.365543][ T5305] __sk_free+0xf4/0x3e0 [ 85.366951][ T5305] sk_free+0x6a/0x90 [ 85.368269][ T5305] l2cap_sock_kill+0x171/0x2d0 [ 85.369896][ T5305] l2cap_sock_release+0x189/0x210 [ 85.371630][ T5305] __sock_release+0xb0/0x270 [ 85.373211][ T5305] sock_close+0x1c/0x30 [ 85.374637][ T5305] __fput+0x3f8/0xb60 [ 85.376009][ T5305] task_work_run+0x14e/0x250 [ 85.377620][ T5305] syscall_exit_to_user_mode+0x27b/0x2a0 [ 85.379506][ T5305] __do_fast_syscall_32+0x80/0x120 [ 85.381263][ T5305] do_fast_syscall_32+0x32/0x80 [ 85.382875][ T5305] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 85.384978][ T5305] [ 85.385789][ T5305] The buggy address belongs to the object at ffff888063add000 [ 85.385789][ T5305] which belongs to the cache kmalloc-2k of size 2048 [ 85.390279][ T5305] The buggy address is located 392 bytes inside of [ 85.390279][ T5305] freed 2048-byte region [ffff888063add000, ffff888063add800) [ 85.394747][ T5305] [ 85.395542][ T5305] The buggy address belongs to the physical page: [ 85.397634][ T5305] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x63ad8 [ 85.400483][ T5305] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 85.403296][ T5305] flags: 0x4fff00000000040(head|node=1|zone=1|lastcpupid=0x7ff) [ 85.405848][ T5305] page_type: f5(slab) [ 85.407210][ T5305] raw: 04fff00000000040 ffff88801ac42f00 dead000000000100 dead000000000122 [ 85.410091][ T5305] raw: 0000000000000000 0000000000080008 00000001f5000000 0000000000000000 [ 85.413015][ T5305] head: 04fff00000000040 ffff88801ac42f00 dead000000000100 dead000000000122 [ 85.415879][ T5305] head: 0000000000000000 0000000000080008 00000001f5000000 0000000000000000 [ 85.418803][ T5305] head: 04fff00000000003 ffffea00018eb601 ffffffffffffffff 0000000000000000 [ 85.421688][ T5305] head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000 [ 85.424548][ T5305] page dumped because: kasan: bad access detected [ 85.426702][ T5305] page_owner tracks the page as allocated [ 85.428574][ T5305] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5940, tgid 5940 (syz-executor), ts 44953963543, free_ts 0 [ 85.435277][ T5305] post_alloc_hook+0x2d1/0x350 [ 85.436923][ T5305] get_page_from_freelist+0xfce/0x2f80 [ 85.438731][ T5305] __alloc_pages_noprof+0x223/0x25b0 [ 85.440504][ T5305] alloc_pages_mpol_noprof+0x2c8/0x620 [ 85.442078][ T5305] new_slab+0x2c9/0x410 [ 85.443220][ T5305] ___slab_alloc+0xce2/0x1650 [ 85.444545][ T5305] __slab_alloc.constprop.0+0x56/0xb0 [ 85.446040][ T5305] __kmalloc_noprof+0x2de/0x4f0 [ 85.447418][ T5305] sk_prot_alloc+0x1a8/0x2a0 [ 85.448685][ T5305] sk_alloc+0x36/0xb90 [ 85.449836][ T5305] __netlink_create+0x5e/0x2c0 [ 85.451208][ T5305] netlink_create+0x3a4/0x630 [ 85.452569][ T5305] __sock_create+0x335/0x8d0 [ 85.453901][ T5305] __sys_socket+0x14f/0x260 [ 85.455160][ T5305] __do_compat_sys_socketcall+0x57e/0x700 [ 85.456755][ T5305] __do_fast_syscall_32+0x73/0x120 [ 85.458187][ T5305] page_owner free stack trace missing [ 85.459652][ T5305] [ 85.460329][ T5305] Memory state around the buggy address: [ 85.461890][ T5305] ffff888063add080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 85.464065][ T5305] ffff888063add100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 85.466211][ T5305] >ffff888063add180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 85.468367][ T5305] ^ [ 85.469549][ T5305] ffff888063add200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 85.471719][ T5305] ffff888063add280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 85.473856][ T5305] ================================================================== [ 85.476861][ T5305] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 85.478916][ T5305] CPU: 2 UID: 0 PID: 5305 Comm: kworker/u33:1 Not tainted 6.13.0-syzkaller #0 [ 85.481745][ T5305] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 85.484670][ T5305] Workqueue: hci1 hci_rx_work [ 85.486098][ T5305] Call Trace: [ 85.487084][ T5305] [ 85.488004][ T5305] dump_stack_lvl+0x3d/0x1f0 [ 85.489355][ T5305] panic+0x71d/0x800 [ 85.490504][ T5305] ? __pfx_panic+0x10/0x10 [ 85.491934][ T5305] ? irqentry_exit+0x3b/0x90 [ 85.493248][ T5305] ? lockdep_hardirqs_on+0x7c/0x110 [ 85.494696][ T5305] ? preempt_schedule_thunk+0x1a/0x30 [ 85.496498][ T5305] ? preempt_schedule_common+0x44/0xc0 [ 85.498072][ T5305] check_panic_on_warn+0xab/0xb0 [ 85.499442][ T5305] end_report+0x117/0x180 [ 85.500662][ T5305] kasan_report+0xe9/0x110 [ 85.501935][ T5305] ? l2cap_sock_ready_cb+0x16a/0x170 [ 85.503405][ T5305] ? l2cap_sock_ready_cb+0x16a/0x170 [ 85.504914][ T5305] l2cap_sock_ready_cb+0x16a/0x170 [ 85.506362][ T5305] l2cap_le_start+0x1ec/0xe30 [ 85.507694][ T5305] ? __pfx___mutex_lock+0x10/0x10 [ 85.509050][ T5305] ? __pfx_l2cap_le_start+0x10/0x10 [ 85.510514][ T5305] ? __pfx_l2cap_global_fixed_chan+0x10/0x10 [ 85.512163][ T5305] ? __l2cap_chan_add+0x3db/0xa20 [ 85.513566][ T5305] l2cap_connect_cfm+0x9a9/0xf10 [ 85.514951][ T5305] ? __pfx_l2cap_connect_cfm+0x10/0x10 [ 85.516496][ T5305] ? hci_cb_lookup+0x319/0x4e0 [ 85.517900][ T5305] ? __pfx_l2cap_connect_cfm+0x10/0x10 [ 85.519380][ T5305] le_conn_complete_evt+0x1623/0x1d10 [ 85.520869][ T5305] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 85.522425][ T5305] hci_le_conn_complete_evt+0x23c/0x370 [ 85.524210][ T5305] hci_le_meta_evt+0x2e2/0x5d0 [ 85.525596][ T5305] ? __pfx_hci_le_conn_complete_evt+0x10/0x10 [ 85.527264][ T5305] hci_event_packet+0x666/0x1190 [ 85.528600][ T5305] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 85.530122][ T5305] ? __pfx_hci_event_packet+0x10/0x10 [ 85.531689][ T5305] ? mark_held_locks+0x9f/0xe0 [ 85.533256][ T5305] ? kcov_remote_start+0x3cf/0x6e0 [ 85.534863][ T5305] ? lockdep_hardirqs_on+0x7c/0x110 [ 85.536370][ T5305] hci_rx_work+0x2c5/0x16b0 [ 85.537687][ T5305] ? process_one_work+0x8bb/0x1b30 [ 85.539224][ T5305] process_one_work+0x958/0x1b30 [ 85.540623][ T5305] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 85.542251][ T5305] ? __pfx_process_one_work+0x10/0x10 [ 85.543789][ T5305] ? rcu_is_watching+0x12/0xc0 [ 85.545225][ T5305] ? assign_work+0x1a0/0x250 [ 85.546545][ T5305] worker_thread+0x6c8/0xf00 [ 85.547888][ T5305] ? __pfx_worker_thread+0x10/0x10 [ 85.549364][ T5305] kthread+0x2c1/0x3a0 [ 85.550544][ T5305] ? _raw_spin_unlock_irq+0x23/0x50 [ 85.552053][ T5305] ? __pfx_kthread+0x10/0x10 [ 85.553375][ T5305] ret_from_fork+0x45/0x80 [ 85.554658][ T5305] ? __pfx_kthread+0x10/0x10 [ 85.556019][ T5305] ret_from_fork_asm+0x1a/0x30 [ 85.557405][ T5305] [ 85.558890][ T5305] Kernel Offset: disabled [ 85.560087][ T5305] Rebooting in 86400 seconds.. VM DIAGNOSIS: 00:37:57 Registers: info registers vcpu 0 CPU#0 RAX=0000000000000004 RBX=0000000000000001 RCX=1ffffffff2d43c8a RDX=0000000000000002 RSI=ffff888021390b08 RDI=ffff888021390000 RBP=0000000000000002 RSP=ffffc90006f47aa8 R8 =0000000000000000 R9 =fffffbfff2d37bb6 R10=ffffffff969bddb7 R11=0000000000000002 R12=ffff888021390000 R13=dffffc0000000000 R14=ffff888021390ae0 R15=ffff888021833a80 RIP=ffffffff8175f290 RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff88802b400000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000003000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=000000002f200ffc CR3=000000004c77e000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000002 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000a000000000 0000000200000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 1 CPU#1 RAX=0000000000000001 RBX=ffffc900047973f0 RCX=0000000000000000 RDX=dffffc0000000000 RSI=0000000000000000 RDI=ffff88802b528a88 RBP=0000000000000001 RSP=ffffc900047973e8 R8 =0000000000000001 R9 =0000000000000000 R10=ffffffff901d29d7 R11=0000000000000001 R12=0000000000000000 R13=ffff88802b528a88 R14=0000000000000000 R15=0000000000000000 RIP=ffffffff817654fe RFL=00000096 [--S-AP-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] FS =0000 0000000000000000 ffffffff 00c00000 GS =0063 ffff88802b500000 ffffffff 00d0f300 DPL=3 DS [-WA] LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe000004a000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=000000002f304ffc CR3=000000006f35e000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000052 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 2 CPU#2 RAX=0000000000000005 RBX=1ffff92000688ec8 RCX=ffffc90003447680 RDX=0000000000000002 RSI=ffff888067c2c318 RDI=ffff888024e90000 RBP=0000000000000007 RSP=ffffc90003447610 R8 =0000000000000000 R9 =fffffbfff203a53a R10=ffffffff901d29d7 R11=0000000000000001 R12=ffff888067c2c318 R13=ffff888067c2c318 R14=ffffc90003447680 R15=0000000000000001 RIP=ffffffff81755017 RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] FS =0000 0000000000000000 ffffffff 00c00000 GS =0063 ffff88802b600000 ffffffff 00d0f300 DPL=3 DS [-WA] LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000091000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe000008f000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=000000002f219ffc CR3=000000006f35e000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=00000000fefeffd0 Opmask01=0000000000000003 Opmask02=000000000000ffdf Opmask03=0000000000000000 Opmask04=00000000ffffffff Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000559ad6efb500 0000559ad6f05d60 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 2f2f2f2f2f2f2f2f 2f2f2f2f2f2f2f2f ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000ff0000000000 00000000ff000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00000000ff000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000051 0000000000000000 44455a494c414954 494e495f43455355 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6f6f742079617272 6120656c75722079 7261726f706d6574 002a3f005b3f2a00 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 4a4a51055c445757 440540495057055c 5744574a55484051 000f1a005b1a0f00 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000101 0000000000000000 000000003130323a 316963682f316963 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000559ad6ef5fe8 0000559ad6ef5fe8 0000000000000041 0000559ad600302e ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 4943213f395b2249 5a6e786b6e646b7e 59647a305f474f5b 647c79303a243a78 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 26483b3a3a264b3b 3a0a00307f617930 3b2433273f397b27 697a787c69303b7e ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 692054524f50202c 2064696c61696d20 0070253a20252054 524f504d49005452 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 692020520050202c 2025204f504d4900 0061253a20252000 2527204d49005452 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 3 CPU#3 RAX=0000000000000061 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8 RSI=ffffffff85145395 RDI=ffffffff9a66e200 RBP=ffffffff9a66e1c0 RSP=ffffc9000e1ef170 R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=6133363038386552 R12=0000000000000000 R13=0000000000000061 R14=ffffffff85145330 R15=0000000000000000 RIP=ffffffff851453bf RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff88802b700000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe00000d8000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe00000d6000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=000000000c30a5f3 CR3=000000004c77e000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000002 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000005000000000 0000000100000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000