last executing test programs: 11m11.350282779s ago: executing program 1 (id=1644): r0 = socket$packet(0x11, 0x3, 0x300) r1 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) ioctl$int_in(r1, 0x40000000af01, 0x0) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/custom1\x00', 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) ioctl$VIDIOC_TRY_DECODER_CMD(0xffffffffffffffff, 0xc0585605, &(0x7f0000000100)={0x1, 0x1, @raw_data=[0x0, 0x0, 0x1013, 0x0, 0x0, 0x10000, 0x0, 0x0, 0x0, 0x4, 0x20000000]}) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80202, 0x0) ioctl$EVIOCGBITSW(0xffffffffffffffff, 0x80404525, &(0x7f00000003c0)=""/28) r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) syz_usbip_server_init(0x3) openat$binder_debug(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$VHOST_SET_VRING_ADDR(r1, 0x4028af11, &(0x7f0000000140)={0x1, 0x0, 0x0, &(0x7f0000000280)=""/164, &(0x7f0000000100)=""/47, 0xf000}) ioctl$VHOST_SET_MEM_TABLE(r1, 0x4008af03, &(0x7f0000000340)) r3 = dup(r0) ioctl$VHOST_NET_SET_BACKEND(r1, 0x4008af30, &(0x7f0000000000)={0x1, r3}) openat$cdrom(0xffffffffffffff9c, &(0x7f0000000000), 0x4903, 0x0) openat$misdntimer(0xffffffffffffff9c, &(0x7f0000000040), 0x82e00, 0x0) fdatasync(0xffffffffffffffff) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="0100000007000000020000000008000000000000", @ANYRES32, @ANYBLOB="feffffff00"/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000300), &(0x7f0000000400), 0x401, r4, 0x0, 0xa002a0}, 0x38) 11m10.688132342s ago: executing program 1 (id=1646): creat(&(0x7f0000000000)='./file0\x00', 0x0) io_setup(0x800, &(0x7f0000000500)=0x0) io_submit(r0, 0x0, 0x0) syz_emit_ethernet(0x36, &(0x7f0000000300)={@local, @local, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x2c, 0x0, @remote, @local}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0x2}}}}}}, 0x0) mknod$loop(0x0, 0xfff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x60140, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_CPUID(r3, 0x4008ae8a, &(0x7f0000000080)={0x1, 0x0, [{0x1, 0x7, 0x7, 0x9, 0x7}]}) ioctl$KVM_SET_MP_STATE(r3, 0x4004ae99, &(0x7f00000000c0)=0x3) ioctl$KVM_SET_LAPIC(r3, 0x4400ae8f, &(0x7f0000000440)={"6cdd4237dd245c8404721efdc9c8dc1964125fa96fa42b761c6ec25b2bec0ba4c81036c93a40c8a4d4412a763b00040000000000003c5ca206c047ecee377abaece6b88378e38e06c5fc191f361d264ffa8b46485f02baee1ab6b8154252066178868d1ef4b53606000000000000007c21a984c2b9ca4bbb7a87165c0c1dbc75d7ea4df1001000000000694525952f44500a1f0db509c32cc7ace842c28f37f06e4ea9f1e5f0c6c379f9cc58bf69fcde317fad4825aa1b6a832d4e48cc41bb5a6baa41d614f6c8941bee805954a62d196a4e8d4bf6b21224b57f530d0000c1ff53bf79a1f5c5dc34cf2645cbc11c4562d22db88d0edc5daee171cc04d96d9ec2db07478f347edbd6424923ad4a5672b1b285c7988c4ec0922c655ff600000000c00dc290d936d93236051fadfb4b95d02c0bda7ce38dabb7cd103fe4d0c9c963cd717a77f8df8d46099b1f580968af6afbbc19db161c6df3e7c9c71bc08a282fc2c142856b5e4caff4c0a4f72445ef10dcd2c569319d6e9bb2058d023f669a64fc7d9684b45b00000000364673dcfa9235ea5a2ff23c4bb5c5acb290e8976dcac779ff0000f5620000003d4e185afe28a774b99d3890bd37428617de4cdd6f53c419ce31054182fd098af7b7f1b1152c691611f897558d4b755cb783978d9859b0537b05b623dcb5c4ca9317471a40fa4998cca80e961efffb4e1aa25d8a17deef0c8694c4395fc99be3c3fe7aeb8af4929ce7d346ca62b25d48fda5d10146702f78b233b5208752726ed9f0c340d494b92d19cc930bb8a5f8b4da8f4603ac0c3b698384e17a570dc8524823ed15af4ecfabb4b2541d3c114b7bba1c21a845c9cf0d1cc24aba47e30f558b2246ad95ccf7d2f80cc0ab26f08336ea1a33b79cf35b898837016eb211a1734c7af076e15451e33519fc978f66df7df4557c91024a8dc130a28ef5f63ad07b39c8d23b85cf434e065e8a29a80047fe17dee6f6347b4951f97b5703dc78b1ca9d74ea6a9ae12ab367c0de2659cc38d2f33ddd86e0597d33361eada119b5132145fa4525c488c7fffd6ceda6e9a02ebd97ced6b0161f2cc84615ceb8b18883299c636e9e46724a9a0600a8bb02f3e489631d522019a35fe12a33caf9dd8768ddbc02a484c345c3eff254297b1dbb04989c3f9f3c7b3c985c39b1d313018068d3809bac8c657e39f4f692613e28387e955722908dd88b56163be8312ff47c5b6f280472935af74e97a5a8110a4d74496f4c8ec82ddb010100000000000001a047526865c888c9ff36056cc4ad258021e1581d43badaaec6cc5a2ef989de9801fed6d4be2bfcfe656c9c46bffbe9dd03970800000000000000d372bdd6d89dc1ecf63c23d506114d0fba2bd1c69e8f7e3fccdcda85ce975ec1381b1cec6ddaa76e186719d819164300"}) ioctl$KVM_CAP_HALT_POLL(r2, 0x4068aea3, &(0x7f0000000100)={0xb6, 0x0, 0x7}) r4 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) ioctl$FS_IOC_FSSETXATTR(r4, 0x401c5820, &(0x7f0000000000)={0xd2f0}) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000a80)={0x11, 0x3, &(0x7f0000000200)=@framed={{0x18, 0x0, 0x0, 0x0, 0xfffffffc}}, &(0x7f0000000100)='GPL\x00', 0x2, 0x0, 0x0, 0x41000, 0x4}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000440)='contention_end\x00', r6}, 0x18) r7 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_COALESCE_GET(r5, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000680)={&(0x7f00000003c0)={0x2c, r7, 0x1, 0x0, 0x0, {0x1c}, [@HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'tunl0\x00'}]}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4000840}, 0x4000000) socket$inet_smc(0x2b, 0x1, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) socketpair$unix(0x1, 0x3, 0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, 0x0, 0x0, 0x4) ioctl$KVM_RUN(r3, 0xae80, 0x0) 11m9.478004068s ago: executing program 1 (id=1651): connect$inet6(0xffffffffffffffff, &(0x7f0000000180)={0xa, 0x4001, 0x6, @dev={0xfe, 0x80, '\x00', 0x1b}, 0xd}, 0x1c) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x18, 0x5, &(0x7f00000009c0)=ANY=[@ANYRESHEX, @ANYRESOCT, @ANYRESOCT, @ANYRESOCT, @ANYBLOB="2a107f8014bab27778a816a368f69b5156c547602f0e6193ec686f7df4267fcda5102c33aeb4b5a901c3f5a47d5a11490fa2185ff6b6bf7c0def9b57917a59bdb0000811c734be57a3bbce814a594c87218f138388da44b564a53a82ce59ea136d8775fa69557b97f731eccf5403a765cf29ef40d27140b4252b58e6b3c324583de15e7e2009068f071a80d1917b6f961c3faff4aa5153600e21dd098b4d1b7f7388177ea7862f1c4190f795b9eefbdeb7a76ea8ade8ae0765ef5cb99a2a833d3b5adcdd163437fd80f071c44b8f79d2de372a144c774273fbf870985cefa3423c7424f77de8d1df509c9cfe2289f562ad163b", @ANYBLOB="ed425ae9f06c0b28d9de175a3d38f9a98ab16572e41aa26f52b252f7ad050a540e54a7a06c447b303b2cfc17f9ee81b5631bb25b04bfb70422a7b972f32cb51f0a17123d95766488b0ac05d8af2c5779ae6124271183dc7cb8565f4308e64299b10a9365fa77614cc51df47fb91d4312efdf6d2940c00e4202252b7c3c950ac6bf59f8", @ANYBLOB="afce528ef84a"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10) openat$dlm_monitor(0xffffff9c, &(0x7f0000000000), 0x40, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={0x0}, 0x1, 0x0, 0x0, 0x800}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x0, &(0x7f0000000c00)=ANY=[@ANYBLOB="56c78e3c733d76697274696f2c6e6f657874656e642c6163638173733d616e792c63616368653d667363616368652c76657273696f6e3d3970323030302e75"]) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) r4 = syz_open_procfs(0x0, &(0x7f0000000040)='maps\x00') io_uring_setup(0x2e34, &(0x7f0000000180)) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0xc0686611, &(0x7f0000000180)={0x67, 0x0, 0x3f, 0x2000, &(0x7f0000ffe000/0x2000)=nil}) r5 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r5, &(0x7f0000000040)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000000), 0x13f}}, 0x20) chdir(&(0x7f0000000100)='./file0\x00') r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuset.effective_cpus\x00', 0x275a, 0x0) pwritev2(r6, &(0x7f0000000980)=[{0x0}, {&(0x7f0000000500)="be81e1310fb465f31a42f6efa58772d291c57be2782f6ff63ea3517e50771580447f7d195ee15e186027d518b2c77a051895fece1dc014c33d6928ab0376cf4077399b51451472f53be50af6897bc0fa353cad9156d19de3665191fdf17a2f07f4286cea5c10fbb81feb85e406524a47b1978139eaa8", 0x76}, {0x0}], 0x3, 0x5, 0xa, 0x14) r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='blkio.throttle.io_service_bytes_recursive\x00', 0x275a, 0x0) write$binfmt_script(r7, &(0x7f0000000000), 0x4) 11m7.828814759s ago: executing program 1 (id=1656): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0) mount$fuse(0x0, 0x0, 0x0, 0xfc5cd7921c2c19c4, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0]) mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400)) chdir(&(0x7f0000000080)='./file1\x00') symlinkat(&(0x7f0000000000)='./file0\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00') r1 = syz_clone(0x88200200, 0x0, 0x0, 0x0, 0x0, 0x0) setpgid(r1, 0x0) setpgid(0x0, r1) execve(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x40) sendmsg$NFT_BATCH(r2, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000600)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWRULE={0x48, 0x6, 0xa, 0x401, 0x0, 0x0, {0xa, 0x0, 0x1}, [@NFTA_RULE_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_RULE_EXPRESSIONS={0x1c, 0x4, 0x0, 0x1, [{0x18, 0x1, 0x0, 0x1, @fib={{0x8}, @val={0xc, 0x2, 0x0, 0x1, [@NFTA_FIB_RESULT={0x8, 0x2, 0x1, 0x0, 0x1}]}}}]}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0x70}, 0x1, 0x0, 0x0, 0x4000850}, 0x24000000) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)=ANY=[@ANYBLOB="7be0e19eef4f6fb6c6c7f8d9cba067e8eb2cc48a62e22a727fcd8466c4beac9ee41ea9b1da7ccc7bfe5455562e68aeeea11b9cb54d1268d880d6", @ANYBLOB="80be2267ab871e599a896ba6772656ef6eed3210022163e0b75a14afcffb0db4dfacbeb38570ac5099c59c70e3260ff032f45c0b45fe88e2d5dfff94f6eec4bddd59287530b644d5e286b0812c314ea00b10a251bb4cf1fc45f35418b54af05ef93b40d1c5eb6748e85bad5e7215fd4316170485977b28d7aee6954cd8ba47c967f1", @ANYRES32=r0, @ANYRESOCT=r2, @ANYRES8=r0], 0xb4}, 0x1, 0x0, 0x0, 0x400c0d1}, 0x0) r3 = openat$dir(0xffffff9c, &(0x7f0000000000)='./file0\x00', 0x400080, 0x100) mknodat$null(r3, &(0x7f0000000040)='./file0\x00', 0x1, 0x103) 11m7.744820437s ago: executing program 1 (id=1658): socket$inet_mptcp(0x2, 0x1, 0x106) openat$audio1(0xffffffffffffff9c, &(0x7f0000000180), 0x189202, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x400000001, 0x0, 0x2, 0x0) openat$vmci(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0) mount$9p_virtio(0x0, 0x0, 0x0, 0x800040, &(0x7f0000000200)=ANY=[@ANYBLOB="7472616e733d76697274696f2c6e6f78617474722c756e616d653d5e2c6e6f657874656e642c64656275671d3078303030303030303030303030303030362c6163636573733d757365722c63616368653d6c6f6f7365"]) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000000)='cifs\x00', 0x0, &(0x7f00000001c0)='=\n\x9b\xa1Q\x83\xe9\n@\xf6\"2a\xd7\x1fch\x1a}#\xfa\xe4\n\xdc[\x03\x97\xcd\xf1\xa6b\x9a\x1f\xff\xff\xffIT\xe4\x8c&\xac\xe6:\xc5\xe8\xd9\"\x82\xd5\xeb\x90\xef1:\xba\xc3\xc3\xd3\xad\'\xc44\x17,,\x8dZz\x04\x17-#F\xc7<\xe6\xf5]%gC\x9e\xca\nS\xc3\xc8\x98\xd8\xc8\x9eZ\xa76\x9f\xc2=\xaa\xcet7\xb9\xbd\xd47\xe3\xc8@$8\v\x9f\xfd\xe1!\x11\x19Y\x06J\x8f\x80\xef9Tw8\x1b\xe2\xf3\x85\xd5}\xa5\xb7\xd5|') r0 = syz_open_dev$sndmidi(&(0x7f0000000100), 0x2, 0x101121) r1 = dup(r0) write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c) r2 = syz_io_uring_setup(0x1c57, &(0x7f0000000300)={0x0, 0x40ac, 0x10000, 0x3, 0x3f, 0x0, r1}, &(0x7f0000000280)=0x0, &(0x7f00000001c0)=0x0) setrlimit(0xd, &(0x7f0000000280)={0xc800, 0x10001}) setpriority(0x1, 0x0, 0x80000000) r5 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='stat\x00') read$eventfd(r5, &(0x7f0000000280), 0x8) syz_io_uring_submit(r3, r4, &(0x7f0000000140)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd=r0}) read$msr(0xffffffffffffffff, 0x0, 0x0) close(r5) r6 = accept4$inet6(r1, &(0x7f0000000080)={0xa, 0x0, 0x0, @remote}, &(0x7f0000000200)=0x1c, 0x80800) recvmsg(r6, &(0x7f0000000580)={&(0x7f0000000380)=@ax25={{0x3, @default}, [@bcast, @null, @default, @rose, @netrom, @bcast, @default, @default]}, 0x80, &(0x7f0000000240)=[{&(0x7f0000000400)=""/168, 0xa8}], 0x1, &(0x7f00000004c0)=""/148, 0x94}, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f00000008c0)='contention_end\x00'}, 0x18) ioctl$CEC_ADAP_S_LOG_ADDRS(0xffffffffffffffff, 0xc05c6104, &(0x7f00000000c0)={"f2efe21e", 0x401, 0x5, 0x4a, 0x0, 0x1ff, "2179d46fd08e3c0ced34c7d0c7e6d7", "7ca24a13", "0400", "a2d1d4a2", ["1af0b1ba1cb8fd54c9c9b587", "89827f045cfe00", "33af343c60abc64f2fdc9ddf", "9b3842fc63849f62b6eb1c3c"]}) io_uring_enter(r2, 0x2def, 0x4000, 0x0, 0x0, 0x0) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x5, 0xfffffffbfffffffd}, 0x0, &(0x7f00000002c0)={0x3ff, 0xd18, 0x0, 0x9, 0x0, 0x0, 0x7fffffff}, 0x0, 0x0) 11m7.48711206s ago: executing program 1 (id=1662): sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(0x0, 0x0, 0x0) timer_create(0x7, 0x0, 0x0) setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, 0x0, 0x0) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000001f40)={&(0x7f00000004c0)=@updpolicy={0xfc, 0x19, 0x1, 0x70bd2b, 0x1000004, {{@in6=@loopback, @in=@rand_addr=0x64010112, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {0x0, 0xc, 0x0, 0x200000, 0x20000000, 0xffffffffffffffff}, {0x0, 0xa00, 0x407ffffffffffe, 0x820000000000002}, 0x0, 0x0, 0x1}, [@tmpl={0x44, 0x5, [{{@in6=@private2={0xfc, 0x2, '\x00', 0x1}, 0x0, 0x3c}, 0xa, @in=@empty, 0x6, 0x4, 0x3}]}]}, 0xfc}, 0x1, 0x0, 0x0, 0x1}, 0x0) r1 = socket$inet6_sctp(0xa, 0x1, 0x84) sendto$inet6(r1, &(0x7f0000000500)="a4", 0x34000, 0x2000c851, &(0x7f0000000140)={0xa, 0x4e23, 0x0, @loopback, 0xffffffff}, 0x1c) (fail_nth: 17) 11m7.468184375s ago: executing program 32 (id=1662): sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(0x0, 0x0, 0x0) timer_create(0x7, 0x0, 0x0) setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, 0x0, 0x0) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000001f40)={&(0x7f00000004c0)=@updpolicy={0xfc, 0x19, 0x1, 0x70bd2b, 0x1000004, {{@in6=@loopback, @in=@rand_addr=0x64010112, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {0x0, 0xc, 0x0, 0x200000, 0x20000000, 0xffffffffffffffff}, {0x0, 0xa00, 0x407ffffffffffe, 0x820000000000002}, 0x0, 0x0, 0x1}, [@tmpl={0x44, 0x5, [{{@in6=@private2={0xfc, 0x2, '\x00', 0x1}, 0x0, 0x3c}, 0xa, @in=@empty, 0x6, 0x4, 0x3}]}]}, 0xfc}, 0x1, 0x0, 0x0, 0x1}, 0x0) r1 = socket$inet6_sctp(0xa, 0x1, 0x84) sendto$inet6(r1, &(0x7f0000000500)="a4", 0x34000, 0x2000c851, &(0x7f0000000140)={0xa, 0x4e23, 0x0, @loopback, 0xffffffff}, 0x1c) (fail_nth: 17) 44.551600482s ago: executing program 3 (id=4370): ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'batadv_slave_1\x00', 0x0}) (async) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, &(0x7f0000000040)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0xffffffffffffffff}}, './file0\x00'}) r3 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000080)={0x2, 0x4, 0x8, 0x1, 0x80, 0x1, 0x7, '\x00', r0, r1, 0x0, 0x3, 0x5}, 0x50) (async) r4 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000140), r2) sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f00000002c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000280)={&(0x7f0000000180)={0xc4, r4, 0x1, 0x70bd28, 0x25dfdbfe, {}, [@IPVS_CMD_ATTR_SERVICE={0x40, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PE_NAME={0x8}, @IPVS_SVC_ATTR_PE_NAME={0x8}, @IPVS_SVC_ATTR_PORT={0x6, 0x4, 0x4e21}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv6=@remote}, @IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x34}, @IPVS_SVC_ATTR_AF={0x6, 0x1, 0xa}]}, @IPVS_CMD_ATTR_DEST={0x24, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_ADDR_FAMILY={0x6, 0xb, 0x2}, @IPVS_DEST_ATTR_L_THRESH={0x8, 0x6, 0x515}, @IPVS_DEST_ATTR_TUN_FLAGS={0x6, 0xf, 0x9}, @IPVS_DEST_ATTR_TUN_TYPE={0x5}]}, @IPVS_CMD_ATTR_DEST={0x4c, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_TUN_TYPE={0x5, 0xd, 0x1}, @IPVS_DEST_ATTR_PORT={0x6, 0x2, 0x4e24}, @IPVS_DEST_ATTR_TUN_FLAGS={0x6, 0xf, 0x7fff}, @IPVS_DEST_ATTR_TUN_TYPE={0x5, 0xd, 0x1}, @IPVS_DEST_ATTR_FWD_METHOD={0x8, 0x3, 0x1}, @IPVS_DEST_ATTR_PORT={0x6, 0x2, 0x4e21}, @IPVS_DEST_ATTR_U_THRESH={0x8, 0x5, 0xd647}, @IPVS_DEST_ATTR_WEIGHT={0x8, 0x4, 0x401}, @IPVS_DEST_ATTR_U_THRESH={0x8, 0x5, 0x4}]}]}, 0xc4}, 0x1, 0x0, 0x0, 0x40010}, 0x4048004) (async) delete_module(&(0x7f0000000300)='\x00', 0x800) timer_create(0x0, &(0x7f0000000500)={0x0, 0x22, 0x0, @thr={&(0x7f0000000340)="2ee54b690eeccb872b32914ce172036b4d5c88d3ff252e5d8c880859fbaad6f5d335309f40e1c35a9c25970d7c9ec98cfc4e3dc7431bd7da6a2cf0f263c3eb6e6d5c7b8c920a76a5a38a21dd13f3020bae1e5340cfd6f0b5944ed621aa403c943fcff26122759b8830cf2adc1d22231d5eb55a2f19dd80a0384f07f04b1b7a4f7875cbf289ac64a4c9bf36b9e29b9e18c9c89a95f05beccf60d7bd0a68d26fa41bd2c1247c0be37a9816d8658b62c46f5c0ab55e09678a4fa1ddfd85f9b35f805f9e212506d1efc7df54505ab40399061cd2e83550c81b2af425bac2be", &(0x7f0000000440)="036f903a4ebf638c3a7d2ec2347123f535ac7f0d765715e3eb1013f55578f43485f346c557d73d693305403f5ce1b3cd37ed9db661d7b150b15ec6813ca8bdb2e5c637e7569cadb26c1fcd191cb2fba8a5b70e8aba96fb06a06903abfe0de4a39e525b43bcf3968be94fdc5d3ff160af4cac5cb13969caa6e7b05bd6d858b60a61bd70e97979215e0116f449f9ff4459649e58af0207f177d557f23880da1b92f90cb2a80807ce141ffd2abc213fb1ff00665f7cf99b151e"}}, &(0x7f0000000540)=0x0) clock_gettime(0x0, &(0x7f0000000580)={0x0, 0x0}) timer_settime(r5, 0x0, &(0x7f00000005c0)={{}, {r6, r7+10000000}}, &(0x7f0000000600)) (async) r8 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) mprotect(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x3) ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x2) (async) r9 = syz_genetlink_get_family_id$batadv(&(0x7f0000000680), r2) sendmsg$BATADV_CMD_GET_BLA_CLAIM(r2, &(0x7f0000000740)={&(0x7f0000000640)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000700)={&(0x7f00000006c0)={0x24, r9, 0x100, 0x70bd2b, 0x25dfdbfb, {}, [@BATADV_ATTR_BONDING_ENABLED={0x5}, @BATADV_ATTR_GW_SEL_CLASS={0x8, 0x34, 0x7ff}]}, 0x24}, 0x1, 0x0, 0x0, 0x20000010}, 0x48081) (async, rerun: 64) r10 = syz_genetlink_get_family_id$nbd(&(0x7f00000007c0), r8) (rerun: 64) sendmsg$NBD_CMD_STATUS(r8, &(0x7f0000000880)={&(0x7f0000000780)={0x10, 0x0, 0x0, 0x8001000}, 0xc, &(0x7f0000000840)={&(0x7f0000000800)={0x2c, r10, 0x2, 0x70bd25, 0x25dfdbff, {}, [@NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x8}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0xfff}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4004890}, 0x40881) (async) ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r1, 0x40045532, &(0x7f00000008c0)=0x9) (async) sendmsg$MPTCP_PM_CMD_GET_LIMITS(r1, &(0x7f0000000a80)={&(0x7f0000000900)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000a40)={&(0x7f0000000940)={0xc8, 0x0, 0x1, 0x70bd2b, 0x25dfdbff, {}, [@MPTCP_PM_ATTR_ADDR_REMOTE={0x14, 0x6, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_ID={0x5, 0x2, 0x8}, @MPTCP_PM_ADDR_ATTR_ID={0x5, 0x2, 0x8}]}, @MPTCP_PM_ATTR_TOKEN={0x8, 0x4, 0x5}, @MPTCP_PM_ATTR_ADDR_REMOTE={0x28, 0x6, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_PORT={0x6, 0x5, 0x4e22}, @MPTCP_PM_ADDR_ATTR_ADDR6={0x14, 0x4, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, @MPTCP_PM_ADDR_ATTR_IF_IDX={0x8, 0x7, r0}]}, @MPTCP_PM_ATTR_ADDR_REMOTE={0x4c, 0x6, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_ADDR6={0x14, 0x4, @loopback}, @MPTCP_PM_ADDR_ATTR_PORT={0x6, 0x5, 0x4e21}, @MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0x2}, @MPTCP_PM_ADDR_ATTR_ID={0x5, 0x2, 0xf}, @MPTCP_PM_ADDR_ATTR_PORT={0x6, 0x5, 0x4e21}, @MPTCP_PM_ADDR_ATTR_ADDR6={0x14, 0x4, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}}]}, @MPTCP_PM_ATTR_ADDR_REMOTE={0x1c, 0x6, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_PORT={0x6, 0x5, 0x4e22}, @MPTCP_PM_ADDR_ATTR_PORT={0x6, 0x5, 0x4e22}, @MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0x10}]}, @MPTCP_PM_ATTR_LOC_ID={0x5, 0x5, 0x9}]}, 0xc8}, 0x1, 0x0, 0x0, 0x20004040}, 0x0) (async, rerun: 64) r11 = socket$inet_sctp(0x2, 0x0, 0x84) (rerun: 64) getsockopt$inet_sctp_SCTP_RECVNXTINFO(r11, 0x84, 0x21, &(0x7f0000000ac0), &(0x7f0000000b00)=0x4) ioctl$KVM_RUN(r2, 0xae80, 0x0) (async) r12 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000b80), r8) sendmsg$NLBL_UNLABEL_C_STATICLIST(r8, &(0x7f0000000cc0)={&(0x7f0000000b40)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000c80)={&(0x7f0000000bc0)={0xa0, r12, 0x400, 0x70bd25, 0x25dfdbfc, {}, [@NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}, @NLBL_UNLABEL_A_IPV6MASK={0x14, 0x3, @mcast1}, @NLBL_UNLABEL_A_SECCTX={0x2b, 0x7, 'system_u:object_r:default_context_t:s0\x00'}, @NLBL_UNLABEL_A_IPV4ADDR={0x8, 0x4, @private=0xa010101}, @NLBL_UNLABEL_A_IPV6MASK={0x14, 0x3, @private2={0xfc, 0x2, '\x00', 0x1}}, @NLBL_UNLABEL_A_IPV4ADDR={0x8, 0x4, @loopback}, @NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @dev={0xfe, 0x80, '\x00', 0x40}}]}, 0xa0}, 0x1, 0x0, 0x0, 0x4000001}, 0x80) (async) openat$fuse(0xffffff9c, &(0x7f0000000d00), 0x2, 0x0) (async) ioctl$KVM_CREATE_VM(r2, 0xae01, 0x28) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000d40)={r3}, 0x4) r13 = openat$cuse(0xffffff9c, &(0x7f0000000d80), 0x2, 0x0) ioctl$BTRFS_IOC_FS_INFO(r13, 0x8400941f, &(0x7f0000000dc0)) (async) timer_create(0x5, &(0x7f0000001300)={0x0, 0x24, 0x2, @thr={&(0x7f00000011c0)="1ae39546ced6ccb8ca0150462879aebb5a4a7c3988b46d75391d016be52c1b51f7702dd5002558cdb35cc66fab2b3bcf1b3873c4b8f8d02f55212c8be8aac598fc27d7a972130080d2d07582b1fe3365ae570fb5755d69ffb519ed034973bedb045b18e2e1301a4930e4d139095fc2dad3ee328a5a1ff66c60f028fefc74bcceb8ec87553a85825cfe23f1ef2b73b5753200d4e855935690a841044958e0ee2c1e37a0b6bbc1f2b9060d42d0c3574da8b46beb698d4fccea3881d721017a71054036461296c066f47df02f864126e0b8c23f8264e9ef931d2b42b86fdc13ae2a16814b234e97f6df4e44990cc3", &(0x7f00000012c0)="42a3a9dde42737f8234a4bde789802822f0e996f468139fd5bd0"}}, &(0x7f0000001340)=0x0) timer_gettime(r14, &(0x7f0000001380)) 44.551110947s ago: executing program 3 (id=4372): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000000500)={{{@in6=@private2, @in6=@ipv4={""/10, ""/2, @broadcast}}}, {{@in=@broadcast}, 0x0, @in6=@mcast1}}, 0x0) ioperm(0x284, 0x7f, 0xe3) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NLBL_UNLABEL_C_STATICADDDEF(r1, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000280)=ANY=[], 0x14}}, 0x0) r2 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000fc0), r1) sendmsg$NL802154_CMD_SET_TX_POWER(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000200)={0x14, r2, 0x926fdb2c68a18847, 0x1000, 0x0, {0x6}}, 0x14}, 0x1, 0x0, 0x0, 0x24044815}, 0x0) socket$netlink(0x10, 0x3, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r3 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r4 = dup(r3) write$6lowpan_enable(r4, &(0x7f0000000000)='0', 0xfffffd2c) syz_io_uring_setup(0x239, &(0x7f0000000740)={0x0, 0x1c2a, 0x10100, 0x0, 0x0, 0x0, r4}, &(0x7f0000000180)=0x0, &(0x7f00000001c0)=0x0) syz_io_uring_submit(r5, r6, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd=r3, 0x0, 0x0, 0x0, {}, 0x1}) r7 = openat$misdntimer(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) r8 = socket(0x10, 0x3, 0x0) r9 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000000)={'ip6gretap0\x00', 0x0}) sendmsg$nl_route_sched(r8, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000680)=@newqdisc={0x3c, 0x24, 0xf0b, 0x0, 0x25dfdbff, {0x60, 0x0, 0x0, r10, {0x0, 0x3}, {0xffff, 0xffff}, {0x2, 0xd}}, [@qdisc_kind_options=@q_cake={{0x9}, {0xc, 0x2, [@TCA_CAKE_DIFFSERV_MODE={0x8, 0x3, 0x2}]}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x24040800}, 0x0) readv(r7, &(0x7f0000000c40)=[{&(0x7f00000003c0)=""/7, 0x7}], 0x1) r11 = memfd_create(&(0x7f0000001240)='[\v\xdbX\xae[\x1a\xad\xd1md\xc8\x85HX\xa9%\f\x1a,\xe2\x9c\xb4\xd7\xbc\xf1\xb3\x86\xe2/Op\xd0\xa2\x82\x1eb;(\xb5\xe1j\xc8\f\xe5\x89\x17\xee|J\x90=5\xed\xcf\xd3\xae\xd2\a\x11\xa9\xa5^\xff\xf5\x95\xd2q%\x8a\xda\x05\x00f\xe3j%\x00\x00\x1c#\xc6\xd8\xdbD\x92P\xe16W\x10\xdau\xc7\x8f\xaa\x8d\xa9\x97\x9d\xcb\x1e\x80\xe7\xd5%N&\xf8#\x80z8Z\xd2}\xf5\xe4\x9f5\x9b\x01\xf9t\xbb\xbdD\xcc\'\xa2\xaf`\xf6L\x0e\x1er\x14\xdb\xd3\xcd\xfd\xbdnC\xecM\xe4H\xb7\xaf\xa8\x96dh\xa9\xab > \xac\x00O^\x14\xcbv\x17Hkb\xe7\xcb\x9d;\xd2\x9f\x05\xd1\x00\x8b\xd3\x9f\a\x99^v\xf7\xfa\xe5\xf0h\x87l\xd9\x15\xd2\x87~?\xb1\x9d\xc1\x92`\x8a\r\xfc\xeb\x14\xd1\x94\fv\x8a\xe3\x1d\x0fj}\x9f\xedsc\xd3\xee\xe6cXw\xa1\xbc\xd0o\xf9\x9cJ\b\x00\xd8;\\ik0+\xc8\xf2\x87\xdf\t\x97\x9dB\xc1\xa0\xa71\xf25GU|]A\x1eel \x8ff\xc6\nt\xd0\x91\x9d\x8c\xa4\xe5\xde\x06\x00\xffE\xf4\x96#\x92-9\xe5\xa7\xf8%\xb0I\xd4\x91r\xbf\x1bOS\xee}\x16\x87\x05\xf2\xb9\x81\x14\xe2NZ\\I\xd0[\xc4\xf2\"\x87\xf5\xb8\x95.M\xb1S\xbd\xe4i\x00\xc1b\t]?}0\t\xebV\xbci\xa5\x05\xca\xb6\xc22\x7fL\x89&\xa0\xcfMULr0rs\xb4\n\xa6)\xe23\xf0\x8d\x9dO\xb9\xc9\x83\xabS\x013\"\x1b\x97K\x17\x16\x89\a\xee\xc903\xad\x15\x1cH\xd2\x95\x91\xb4$\x1b\xbf\xaf\xf5\x9b\xc2\x85\xe7[\xe5\xfb}\x1d@f2\x11\x13Y\x98\xa4\xecWEE\x9eI\x05\v\x11\xad\x93!^T\xe5N\xf6LI\x9a6\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xbf\x1a\xc9(a\x06>g\xe5\x00:\x9au\xef\x14\t\x1f8E\x86\xcb\xd0e\x17\xfb\xc1', 0x1) fsetxattr$security_ima(r11, &(0x7f0000000080), 0x0, 0x0, 0x0) write$binfmt_script(r11, &(0x7f0000003b80)={'#! ', './file0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/file0'}, 0x1002) execveat(r11, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1000) fchmod(0xffffffffffffffff, 0x134) mount$9p_rdma(&(0x7f00000013c0), &(0x7f0000001400)='.\x00', &(0x7f0000001440), 0x800, &(0x7f00000002c0)={'trans=rdma,', {'port', 0x3d, 0x4e24}, 0x2c, {[{@timeout}]}}) unshare(0x68040200) sysinfo(0x0) 43.620354486s ago: executing program 3 (id=4377): mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000300), 0x2, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) read$FUSE(r0, &(0x7f0000002140)={0x2020, 0x0, 0x0}, 0x2020) syz_fuse_handle_req(r0, 0x0, 0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000200)={0x90, 0x0, 0x0, {0x5, 0x2, 0xfffffffffffffffe, 0x0, 0x0, 0x0, {0x40, 0x3, 0x0, 0xffff, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x120, 0x2000, 0x0, 0x0, 0x0, 0x501, 0x4}}}, 0x0, 0x0, 0x0, 0x0, 0x0}) write$FUSE_INIT(r0, &(0x7f0000000440)={0x50, 0x0, r1, {0x7, 0x29, 0x0, 0x14c0348, 0x40, 0x1, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x7fffffff}}, 0x50) openat(0xffffffffffffff9c, &(0x7f0000000a80)='./file0/file0\x00', 0x0, 0x1) 42.761669195s ago: executing program 3 (id=4382): r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f00000002c0)="2e00000010008188040f80ec59acbc0413010048100000005e140602000000000e000a000f00000002800000121f", 0x2e}], 0x1}, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000000c0)={0x12, 0x1f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xf}, 0x90) timer_create(0x0, &(0x7f0000000080)={0x0, 0x11, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000000)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) syz_open_procfs(0x0, &(0x7f0000000040)='ns\x00') r1 = openat$null(0xffffff9c, &(0x7f0000000180), 0x181, 0x0) ioctl$SIOCSIFHWADDR(r1, 0x8924, &(0x7f0000000340)={'vlan0\x00'}) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) mount$bind(&(0x7f0000000380)='./file0\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x2125099, 0x0) mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0) mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101097, 0x0) mount$bind(&(0x7f0000000100)='./file0/../file0\x00', &(0x7f00000000c0)='./file0/file0\x00', 0x0, 0x8b100a, 0x0) mount$bind(&(0x7f00000001c0)='./file0\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x1a1011, 0x0) r2 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) move_mount(r2, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0) umount2(&(0x7f00000003c0)='./file0\x00', 0xa) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x1, 0x803, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14) r5 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(r5, 0x8933, &(0x7f0000000000)={'team0\x00', 0x0}) sendmsg$nl_route(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000004c0)=@newlink={0x4c, 0x10, 0x403, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x300}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @vlan={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0xffffffba, 0x5, r6}, @IFLA_IFALIASn]}, 0x4c}}, 0x0) 42.55253023s ago: executing program 3 (id=4385): r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f00000002c0)="2e00000010008188040f80ec59acbc0413010048100000005e140602000000000e000a000f00000002800000121f", 0x2e}], 0x1}, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000000c0)={0x12, 0x1f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xf}, 0x90) r1 = openat$null(0xffffff9c, &(0x7f0000000180), 0x181, 0x0) ioctl$SIOCSIFHWADDR(r1, 0x8924, &(0x7f0000000340)={'vlan0\x00'}) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14) r5 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(r5, 0x8933, &(0x7f0000000000)={'team0\x00', 0x0}) sendmsg$nl_route(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000004c0)=@newlink={0x4c, 0x10, 0x403, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x300}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @vlan={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0x8, 0x5, r6}, @IFLA_MASTER={0x8, 0xa, r4}]}, 0x4c}}, 0x0) (fail_nth: 1) 41.728832279s ago: executing program 3 (id=4390): r0 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) syz_pidfd_open(r0, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket$can_j1939(0x1d, 0x2, 0x7) socket$inet6_icmp(0xa, 0x2, 0x3a) r1 = socket(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) socket$can_j1939(0x1d, 0x2, 0x7) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000005c0)={0xffffffffffffffff, 0xffffffffffffffff}) prctl$PR_SET_MM_MAP(0x23, 0xe, 0x0, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000040)={'bridge_slave_1\x00', 0x0}) r5 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)=ANY=[@ANYBLOB="7c0000001000010400"/20, @ANYRES32=r4, @ANYBLOB="00000000000000005c001280110001006272696467655f736c617665000000004400058005000500000000000500200001000000050008", @ANYRES8=r2], 0x7c}}, 0x80) 41.690846661s ago: executing program 33 (id=4390): r0 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) syz_pidfd_open(r0, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket$can_j1939(0x1d, 0x2, 0x7) socket$inet6_icmp(0xa, 0x2, 0x3a) r1 = socket(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) socket$can_j1939(0x1d, 0x2, 0x7) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000005c0)={0xffffffffffffffff, 0xffffffffffffffff}) prctl$PR_SET_MM_MAP(0x23, 0xe, 0x0, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000040)={'bridge_slave_1\x00', 0x0}) r5 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)=ANY=[@ANYBLOB="7c0000001000010400"/20, @ANYRES32=r4, @ANYBLOB="00000000000000005c001280110001006272696467655f736c617665000000004400058005000500000000000500200001000000050008", @ANYRES8=r2], 0x7c}}, 0x80) 3.240857172s ago: executing program 5 (id=4658): eventfd(0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0xfffffffffffffffe) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) mq_open(0x0, 0x2, 0x148, &(0x7f0000000080)={0x4, 0xa9c4, 0x8, 0x4}) bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x0) syz_open_procfs(0x0, 0x0) mount$9p_fd(0x0, 0x0, 0x0, 0x0, 0x0) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, 0x0, 0x0) bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) sendmsg$ETHTOOL_MSG_PAUSE_SET(0xffffffffffffffff, 0x0, 0x80) syz_usb_control_io(0xffffffffffffffff, 0x0, 0x0) r1 = syz_io_uring_setup(0x88f, &(0x7f0000000140)={0x0, 0xaee2, 0x1000, 0xffffffff, 0xffdffffe}, &(0x7f0000000000)=0x0, &(0x7f0000000280)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r2, r3, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3}) io_uring_enter(r1, 0x47f4, 0x0, 0x0, 0x0, 0x0) 2.237711508s ago: executing program 2 (id=4668): socket$nl_route(0x10, 0x3, 0x0) syz_open_dev$ndb(&(0x7f0000000040), 0x0, 0x0) io_uring_setup(0x2471, 0x0) mount$fuse(0x0, 0x0, 0x0, 0x0, 0x0) r0 = socket$inet_tcp(0x2, 0x1, 0x0) getsockopt$inet_tcp_buf(r0, 0x6, 0x23, 0x0, &(0x7f0000000000)) r1 = syz_open_dev$dri(0x0, 0x1, 0x0) ioctl$DRM_IOCTL_MODE_ADDFB(r1, 0xc01c64ae, &(0x7f0000000040)={0x0, 0x20000001, 0x9, 0x0, 0x18, 0x400018}) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000002000)=""/102400, 0x19000) mount(&(0x7f0000000040)=@nullb, &(0x7f0000000000)='./cgroup\x00', &(0x7f0000000080)='cramfs\x00', 0x2a00000, 0x0) r3 = creat(&(0x7f00000002c0)='./file0\x00', 0x0) r4 = open$dir(&(0x7f0000000100)='./file0\x00', 0x80000, 0x11b) mmap$xdp(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x12, r4, 0x0) r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000fe020010850000000700000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) write$qrtrtun(r3, &(0x7f0000000300)="ca0e808bb35bda", 0x7) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000005c0)={r5, 0x0, 0x30, 0x0, @val=@uprobe_multi={&(0x7f0000000140)='./file0\x00', &(0x7f00000001c0)=[0x7], 0x0, 0x0, 0x1}}, 0x3c) creat(&(0x7f00000001c0)='./file0\x00', 0x8) mbind(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x2, &(0x7f0000000080)=0x3, 0x8, 0x0) write$FUSE_NOTIFY_RESEND(0xffffffffffffffff, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={0x0}, 0x18) syz_init_net_socket$ax25(0x3, 0x2, 0x1) r6 = bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=@base={0x2, 0x4, 0xaf6a, 0x9}, 0x50) r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000240)=@base={0xd, 0x3, 0x4, 0x801, 0x40048, r6, 0x15b4, '\x00', 0x0, 0xffffffffffffffff, 0x2}, 0x50) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000008c0)={{r7}, 0x0, &(0x7f0000000880)=r6}, 0x20) 1.97235549s ago: executing program 5 (id=4669): r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3) recvmmsg(r0, &(0x7f00000055c0), 0x400023c, 0x31f, 0x0) 1.880008054s ago: executing program 5 (id=4670): r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000140)) syz_genetlink_get_family_id$batadv(&(0x7f0000000200), 0xffffffffffffffff) sendmsg$BATADV_CMD_SET_MESH(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={0x0}}, 0x0) 1.878847274s ago: executing program 5 (id=4671): syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x401) mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1) setsockopt$RDS_CONG_MONITOR(0xffffffffffffffff, 0x114, 0xa, &(0x7f0000000000)=0x2, 0x4) 1.810366317s ago: executing program 5 (id=4672): syz_init_net_socket$nfc_raw(0x27, 0x0, 0x0) r0 = socket$rds(0x15, 0x5, 0x0) bind$rds(r0, &(0x7f0000000840)={0x2, 0x0, @loopback}, 0x10) connect$rds(r0, &(0x7f0000000080)={0x2, 0x4e24, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000740)=ANY=[], 0x48) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) sync_file_range(r1, 0x2, 0x8, 0x3) io_uring_register$IORING_REGISTER_CLONE_BUFFERS(0xffffffffffffffff, 0x1e, 0x0, 0x1) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) sendmsg$rds(r0, &(0x7f0000000000)={&(0x7f0000000040)={0x2, 0x0, @private=0xa010100}, 0x10, 0x0, 0x0, &(0x7f0000000780)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, &(0x7f0000000300)=[{&(0x7f0000002640)=""/102389, 0x18ff5}], 0x1, 0x1903d}}], 0x48}, 0x0) syz_emit_vhci(&(0x7f0000000180)=@HCI_EVENT_PKT={0x4, @hci_ev_num_comp_pkts={{0x13, 0x1}}}, 0x4) setgroups(0x0, &(0x7f0000000000)) 1.336372216s ago: executing program 4 (id=4674): r0 = socket(0x2, 0x3, 0xff) setsockopt$inet_int(r0, 0x0, 0x2, 0x0, 0x0) setsockopt$inet_int(r0, 0x0, 0x3, 0x0, 0x0) sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0x2, 0x4e23, @empty}, 0x10) 1.334768195s ago: executing program 4 (id=4675): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x11, 0x5, &(0x7f0000000280)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$devlink(&(0x7f0000000dc0), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_TRAP_GET(r0, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000600)={&(0x7f0000000540)=ANY=[], 0x50}, 0x1, 0x0, 0x0, 0x24040011}, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000100)=ANY=[@ANYBLOB="18000000ff7f0000000000000000000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x10000}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r1}, 0x10) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000ac0), r2) sendmsg$IEEE802154_LLSEC_SETPARAMS(r2, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000b40)={&(0x7f00000003c0)={0x20, r3, 0x5, 0x0, 0x0, {0x22}, [@IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan1\x00'}]}, 0x20}}, 0x2000c094) 1.291833482s ago: executing program 4 (id=4676): mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) pivot_root(0x0, &(0x7f00000001c0)='./file0/../file0/../file0\x00') mount$overlay(0x0, 0x0, &(0x7f0000000180), 0x0, &(0x7f00000001c0)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x3a}) 1.220457348s ago: executing program 4 (id=4677): r0 = socket$netlink(0x10, 0x3, 0x0) r1 = getpid() sched_setscheduler(r1, 0x3, &(0x7f0000000180)=0x5) sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0xa) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) r3 = socket$inet6(0xa, 0x80002, 0x0) socket$inet_sctp(0x2, 0x1, 0x84) r4 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x1, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_READ(r4, 0xc4c85513, &(0x7f0000000b00)={{0x2}, 0x0, [0x400000, 0x0, 0x100000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10001, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0xc6c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff, 0x81, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7b, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x8838, 0x0, 0x0, 0x4, 0x0, 0x2, 0x0, 0x3, 0x800000000000000, 0x20000, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x7, 0x0, 0x40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9]}) r5 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$batadv(&(0x7f0000003000), r5) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(0xffffffffffffffff, 0x8933, &(0x7f0000003040)) setsockopt$sock_linger(r3, 0x1, 0x3c, 0x0, 0x0) connect$inet6(r3, &(0x7f0000000000)={0xa, 0x0, 0xfffffffd, @local, 0x2}, 0x1c) sendmmsg$inet6(r3, &(0x7f0000003cc0)=[{{0x0, 0x0, &(0x7f0000003980), 0x171}}], 0x400000000000172, 0x4001c00) setsockopt$netlink_NETLINK_NO_ENOBUFS(r0, 0x10e, 0x5, &(0x7f0000000040)=0xa8, 0x4) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000000), 0x4) 1.157503484s ago: executing program 2 (id=4678): r0 = socket$can_bcm(0x1d, 0x2, 0x2) connect$can_bcm(r0, &(0x7f0000000000), 0x10) sendmsg$can_bcm(r0, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)={0x0, 0x38}, 0x2}, 0x0) 1.060456777s ago: executing program 2 (id=4679): fcntl$setstatus(0xffffffffffffffff, 0x4, 0x2000) r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r1 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0) ioctl$IOCTL_VMCI_VERSION2(r1, 0x7a7, &(0x7f0000000040)=0x90000) ioctl$IOCTL_VMCI_QUEUEPAIR_ALLOC(r1, 0x7a8, &(0x7f0000000540)={{@local, 0x2}, @local, 0x0, 0x0, 0xf8f, 0x0, 0x4}) r2 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0) ioctl$IOCTL_VMCI_VERSION2(r2, 0x7a7, &(0x7f0000000040)=0x90000) ioctl$IOCTL_VMCI_INIT_CONTEXT(r2, 0x7a0, &(0x7f0000000240)={@hyper}) ioctl$IOCTL_VMCI_QUEUEPAIR_ALLOC(r2, 0x7a8, &(0x7f0000000540)={{@hyper, 0x2}, @hyper, 0x0, 0x0, 0x5e, 0xfffffffffffffff9}) close_range(r0, 0xffffffffffffffff, 0x0) 983.116486ms ago: executing program 2 (id=4680): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x110b, 0x8000000000002}) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x800, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0}) r2 = dup3(r1, r0, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x802, 0x0) mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0xffe}], 0x0, 0x0, 0x0}) 931.020144ms ago: executing program 2 (id=4681): openat$sndtimer(0xffffff9c, &(0x7f0000000000), 0x183002) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)) pselect6(0x40, &(0x7f0000000100)={0x0, 0x6, 0x0, 0x0, 0x800}, 0x0, &(0x7f0000000240)={0x1f, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0, 0xffffffffffffffff}, &(0x7f0000000580)={0x0, 0x3938700}, 0x0) 829.672769ms ago: executing program 2 (id=4683): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e20}, 0x6e) setsockopt$TIPC_DEST_DROPPABLE(0xffffffffffffffff, 0x10f, 0x81, 0x0, 0x0) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, 0x0, 0x0) sched_setattr(0x0, 0x0, 0x0) syz_open_procfs(0x0, 0x0) r2 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000040)={'bond0\x00', 0x0}) setsockopt$packet_int(r2, 0x107, 0x14, &(0x7f0000000180)=0x2, 0x4) setsockopt$packet_int(r2, 0x107, 0xf, &(0x7f0000000000)=0x3da, 0x4) sendto$packet(r2, &(0x7f00000000c0)="3f03fe7f0302140006001e0089e9aaa911d7c2290f0086dd1327c9167c643c4a1b7880610cc96655b1b141ab059b24d0fbc50df71548a3f6c5609063382a0c1511fdf9435e3ffe46", 0xe90c, 0x0, &(0x7f0000000540)={0xc9, 0x0, r3, 0x1, 0x0, 0x6, @multicast}, 0x14) 727.631341ms ago: executing program 5 (id=4687): r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000003c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_CHANNEL_SWITCH(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000340)={0x2c, 0x0, 0x1, 0x80, 0x0, {{}, {@val={0x8, 0x3, r1}, @void}}, [@chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x994}], @NL80211_ATTR_CH_SWITCH_COUNT={0x8, 0xb7, 0x4e}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4000010}, 0x0) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000300)={'wlan1\x00'}) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f00000000c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41100, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x39}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = socket$inet6(0xa, 0x3, 0x6e61) getsockopt$inet6_mtu(r5, 0x29, 0x17, &(0x7f00000000c0), &(0x7f0000000280)=0x4) connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) ioctl$sock_SIOCSIFVLAN_ADD_VLAN_CMD(r3, 0x8983, &(0x7f0000000100)={0x0, 'erspan0\x00', {0x1}, 0x26}) prlimit64(0x0, 0x6, &(0x7f0000000140), 0x0) setreuid(0xee01, 0x0) setreuid(0x0, 0x0) r6 = memfd_create(&(0x7f0000000440)='+\x8b\x8a\xa9\x16\x11\x91J\xbc+ \x18\x17\xc2:}\xa3\x9bO\xdd\xdf\xdf\x92\xd5\xed\xb4\x17\xe5\xd6\x9a\xb2\xd8\x9ba\xde\xb2.F\xc0\x99}|\xaf\xd3\x1d\x84[*_\x9f\x9d\xb0rYP\x1b\x9f \xe0\x9cgq\x103\x89\x11\x87Rv\x169\xdf\xe3>B\x04\x00\x00\x00W\xd3\xec\xfb\xdf?\xa2\x90+\xa4!\xb2\xf2\xff\x90\a\xc3\x12\xc4;\xffh\xf1x=\xb9c\xce\x03h\xdap\x88U\x1788\x82\xd7\xfd\x83\x00Sx\x91%\x99_\xfe\xd4c\x83\x86\x0f\xa4a-\xaf\x9e\xd9\xef\xe0)]\x00F\xfa\x03\xbc4\xc4\x9a\v\x03\x8b\xa4\xf3\x8f\xf4\"\'\xd3\a9\x14H}j&~\xe9\x16\x83o\xbd\xab\xcd[\xbd\xcb\x04\xfc\xe7\xe3\x9e?\x12\xf0\xf4\x83M3\xd88\x92?@\v\xe6\xd1\xd2\xe4\xde\xdaUeJ\x9fR\xd1`\xfa\xc8\v\xed\xfd\x0e\xa6l\a\xb0\xf5\xa9^a\xf0h\x16\xc8\x89W\x847\x88\x82\x94\x14\xe33\xb7H\xc8b\xd6@3F#\xb7\x04C\x8dm\t\x16a\x0fI\xf4\xfe\xf8\x06j\x19Pz&\xb8\x0f\x98`W\xdb\xc6\"81A\xa4\x8bT\xf1\xcb\xab\xa3\t\xef\xdf&\x0e\xad\x03\x123.\xc2V\xaa\xd5\xf8\xde\x8aV\xa4p{\xcez\xa2\x92\xdb8*wLO\f\x97X\x05\x9a\xc2\xe8\x85\x9d\xcb\xc8\xf0\xc4\x01\x03\xe3?\x9f1\xb4\xfb\xa5y`KB\xdf\xae#\x94C\a\x04\xea\xccG\xf2\b\x8f\xf7\xb1\xe96\x90\xf5P\xa4\'\xce\xe3\xa24\x196\xc5Q\xa1K\x95\xd6\xfal\xe9\xd1\\\r&\xb2c\xb3\x8d\xa7\xb7\xa8\x03S\xbd\xdd\b{\xae\f\x10\xc2\xbb\xd0\xdd*\xa3\xb4\fJ\x00X\xab`N; LF\xa5D\xee\xdf\x7f\x80p\xf6o\x1c\xbdXR\xf2\xa0\x81a\xa1\xe1B\x93Xn\x00\xfc\x05?\xab\xac\x91x\xa8#\xe1\xbeQ\xd1^\x9b\xb9)\xd3\n\xf7(3!\x18\b\xc0\xaampRl\xfdQ\x03\x8c\xd5\xe4\\\xed\x9a\xd1?\xd21\xc8\x90\x1dl|\xd1\x14\xbc3\xe0\x1e\x0e\xe6\x88Y\x99K\x93\x1c@_P\x8c\xc7\x9eZ\xb74KT:\x8a\xdbJ#w\x18\x14\x00\x93\x86\xa5wo\xf6M\xe7D\xf4*\xe3X\x1d\x19\x83\xa7w\xc7+7\x89s\xed\x8a\xd7O\xdd\rhh`\xc0\xa8$\x06pu\xa0\xd0L\x0ez@I\xb8\x83\xb2f\x93j\a0I\xc8l\xe5\x9b\x06\xb5\xac`d\xa3\xcf/\x14\x10\xab\xab\t\xec\xc1UAA\xaf\x14\xef\xbap@*7\x86\xdf\',\x03Y\xb1$\xf0\xb5}\xf0\x82%)9`\x8f\x04\x85m\x80\xd2\xcf@\x06}\xea\xe7w`\xa5\x11\x9f\x9b\x9e\x8f\xb7cb\x1a\xe1\xcf\x87\x1c\\\xf5\xc21\xf7\x82C*\xd5;\x00\x00\x00\x00\x03\xba\xe3\xdc\x92\'\x8e\xd5\x7fG\xfd.\x91\x89T\x99t\xd4d,\xd5\x92O\xf1\xafT!Y\x8e\\\xac\xf7\x11R\x05p\x1a\"\r\xe9\xe5\x8b&\x0f\x8c\xfb\xef\xf8\xd5\x18\xde\xeb\xe5\x19\xdd\xebQ8\xc5iS+\x06D\x16\xfe\xf5.\xe5\v\x89\xb0\"\xa3M\xe9\x81\x11P\xdb\xc4\xc2y\x14\x04\x06\xf6\f\xb0\xecz\x8d`\xb5\x9b\xb43\xcc1\xa7\x9e\xa8\xb5\'\xc6MAe\x0f\xd1\xfcG\xc2/\xe8\xe9t\xcaQ\xf1\fI\x1chM\xc1\x92\xe3\xc3\x01M\xc8/\xefJ\xcb\xd0]\f\xff\xf5\x92\xce\x97Z\xea\xe8\x99\xfa\x96\xce\xa7\x02\xad\xa2\xce\x955\xeaNg\x02\xcd\xfd\x1a}.\xd3\"x\x89/8H\xc2\x93B\na)\x86\xa9U\xa0\xb7\x18\xfb\xe9\xd1\x97cy\xef\xbc\x1a\xbf\xc4\xdd\xe2\x9eBk\x1d\x8eg>\x87\x0e:\x9f\x88\xc0\x9ay\xffQ\xd6\xaf\xf5\xc1\xf3{\x91\xfc\x02t\'H \x97', 0x2) fcntl$addseals(r6, 0x409, 0x8) r7 = socket$inet_smc(0x2b, 0x1, 0x0) connect$inet(r7, &(0x7f0000000000)={0x2, 0x4001, @remote}, 0x10) setsockopt$SO_BINDTODEVICE_wg(r7, 0x1, 0x19, &(0x7f0000000080)='wg1\x00', 0x4) sendto$inet(r7, &(0x7f0000000040)="e5", 0xffffffe4, 0x0, 0x0, 0x0) 354.549851ms ago: executing program 4 (id=4689): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x110b, 0x8000000000002}) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x800, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0}) r2 = dup3(r1, r0, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x802, 0x0) mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0xffe}], 0x0, 0x0, 0x0}) 269.89553ms ago: executing program 0 (id=4690): prlimit64(0x0, 0xe, &(0x7f0000000140)={0xfff, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, 0x0) connect$unix(0xffffffffffffffff, 0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) rt_sigaction(0x19, 0x0, 0x0, 0x0, 0x0) r0 = openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, 0x0) ioctl$TUNGETVNETLE(r0, 0x400454de, &(0x7f0000001140)) shmctl$SHM_LOCK(0x0, 0xb) shmat(0x0, &(0x7f0000ffd000/0x1000)=nil, 0x7000) shmctl$SHM_UNLOCK(0x0, 0xc) r1 = socket$unix(0x1, 0x2, 0x0) setsockopt$sock_timeval(r1, 0x1, 0x43, &(0x7f00000005c0)={0x77359400}, 0x10) r2 = syz_open_procfs(0x0, &(0x7f0000000100)='coredump_filter\x00') ioctl$sock_SIOCSIFVLAN_SET_VLAN_INGRESS_PRIORITY_CMD(r2, 0x8983, &(0x7f0000000180)={0x2, 'wg2\x00', {0x9}, 0x1}) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r3, 0x0, 0x84) 268.063745ms ago: executing program 4 (id=4691): socket$nl_route(0x10, 0x3, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000756c6c2f00000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000005000000b7030000000000008500000006000000850000000700000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000600)={0x0, r0}, 0x18) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_MD5SIG(r1, 0x6, 0x20, &(0x7f0000000300)={@in6={{0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @dev}}}, 0x0, 0x0, 0xd, 0x0, "50e482af8a3b3953d7d2ddc26f6d7fcfdcef78b3bb7ca71d37000667e0b8dd3a89446b04761c340f273410ad620a1d1d1e8e3d5d07cb37da86503ff8eadd32f0fc9a56bcd7a401a991c216437633b722"}, 0xd8) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3) sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0xa) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) sysfs$2(0x2, 0x100000000, &(0x7f0000000200)=""/4096) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x44}, 0x1, 0x0, 0x0, 0x8000010}, 0x0) sysfs$2(0x2, 0x1, 0x0) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) sendmsg$NFT_BATCH(r3, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000002100)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a5c000000090a010400000000000000000a0000040900010073797a310000000008000540000000040900020073797a310000000008000a40fffffffc200011800e000100636f6e6e6c696d69740000000c00028008000140fffff27414000000110001"], 0x84}, 0x1, 0x0, 0x0, 0x4000850}, 0x40) sendmsg$NFT_MSG_GETSETELEM(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000500)=ANY=[@ANYBLOB="440000000d0a010800000000000000000a0000010900020073797a31000000000900010073797a310000000018000380140000800800034000"], 0x44}, 0x1, 0x0, 0x0, 0x24000801}, 0x8000) r4 = socket$netlink(0x10, 0x3, 0x0) sendmmsg(r4, &(0x7f00000002c0), 0x40000000000009f, 0x0) r5 = socket(0x10, 0x803, 0x0) sendmsg$SMC_PNETID_GET(r5, 0x0, 0x0) getsockname$packet(r5, &(0x7f00000005c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) bpf$PROG_LOAD(0x5, 0x0, 0x0) ioctl$TCSETSF(0xffffffffffffffff, 0x5404, 0x0) ioctl$TIOCPKT(0xffffffffffffffff, 0x5420, &(0x7f0000000100)=0x9) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000040)={0x408, 0x7, 0x0, 0xfffc, 0xe, "4415264a100046001113fb235902af2556c6b6"}) 266.820676ms ago: executing program 0 (id=4692): openat$sndtimer(0xffffff9c, &(0x7f0000000000), 0x183002) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)) pselect6(0x40, &(0x7f0000000100)={0x0, 0x6, 0x0, 0x0, 0x800}, 0x0, &(0x7f0000000240)={0x1f, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0, 0xffffffffffffffff}, &(0x7f0000000580)={0x0, 0x3938700}, 0x0) 110.907012ms ago: executing program 0 (id=4693): r0 = socket$inet(0x2, 0x2, 0x1) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f00000000c0)='macvlan0\x00', 0x10) sendmsg$inet(r0, &(0x7f0000000040)={&(0x7f0000000000)={0x2, 0x4e21, @broadcast}, 0x10, &(0x7f0000000240)=[{&(0x7f0000000200)='\b\x00', 0x2}, {&(0x7f0000000180)="d0849e", 0x3}], 0x2, 0x0, 0x0, 0x60000000}, 0x20000004) 110.42979ms ago: executing program 0 (id=4694): r0 = socket(0x2, 0x3, 0xff) setsockopt$inet_int(r0, 0x0, 0x2, &(0x7f0000000140)=0x5, 0x2) setsockopt$inet_int(r0, 0x0, 0x3, 0x0, 0x0) sendto$inet(r0, 0x0, 0x0, 0x0, 0x0, 0x0) 110.264492ms ago: executing program 0 (id=4695): mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) pivot_root(0x0, &(0x7f00000001c0)='./file0/../file0/../file0\x00') mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, &(0x7f00000001c0)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x3a}) 0s ago: executing program 0 (id=4696): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000009c0)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a5c0000001d0a010400000000000000000a0000040900010073797a31000000000800054000000004090002"], 0x84}, 0x1, 0x0, 0x0, 0x4000850}, 0x40) 0s ago: executing program 0 (id=4697): r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./cgroup\x00', 0x0, 0x189) getdents(r0, &(0x7f0000000140)=""/143, 0x8f) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="1500000065ffff097b000008003950323030302e4c"], 0x15) r3 = dup(r2) write$FUSE_BMAP(r3, &(0x7f0000000300)={0x18, 0x0, 0x0, {0xfffffffffffffffa}}, 0x18) write$FUSE_DIRENTPLUS(r3, &(0x7f0000002100)=ANY=[@ANYBLOB="b0000000000000001659ec0889419429aa5db97288b0f8a87ea8e66d9a8b"], 0xb0) write$FUSE_DIRENTPLUS(r3, &(0x7f0000000140)=ANY=[@ANYBLOB="10"], 0x10) write$FUSE_DIRENTPLUS(r3, &(0x7f0000000280)=ANY=[@ANYBLOB="a8"], 0xa8) mkdir(&(0x7f00000020c0)='./file0\x00', 0x0) write$FUSE_INIT(r3, &(0x7f0000004200)={0x50, 0x0, 0x0, {0x7, 0x21, 0xffffffff, 0xfffffffff12bd390, 0x2, 0x6, 0x0, 0x0, 0x0, 0x0, 0x1, 0x6}}, 0x50) mount$9p_fd(0x0, &(0x7f00000003c0)='./file0\x00', &(0x7f0000000b80), 0x0, &(0x7f0000000500)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r3}, 0x2c, {[{@posixacl}]}}) kernel console output (not intermixed with test programs): 449][T20878] comedi: valid board names for pcl711 driver are: [ 904.400593][T20878] pcl711 [ 904.401577][T20878] pcl711b [ 904.402582][T20878] acl8112hg [ 904.403660][T20878] acl8112dg [ 904.404757][T20878] comedi: valid board names for amplc_pc263 driver are: [ 904.406925][T20878] pc263 [ 904.408013][T20878] comedi: valid board names for amplc_pc236 driver are: [ 904.410264][T20878] pc36at [ 904.411220][T20878] comedi: valid board names for amplc_dio200 driver are: [ 904.413762][T20878] pc212e [ 904.414849][T20878] pc214e [ 904.415828][T20878] pc215e [ 904.416783][T20878] pc218e [ 904.417740][T20878] pc272e [ 904.418768][T20878] comedi: valid board names for comedi_parport driver are: [ 904.421017][T20878] comedi_parport [ 904.422261][T20878] comedi: valid board names for comedi_test driver are: [ 904.424497][T20878] comedi_test [ 904.425617][T20878] comedi: valid board names for comedi_bond driver are: [ 904.427957][T20878] comedi_bond [ 904.749506][T20886] lo speed is unknown, defaulting to 1000 [ 905.872970][T20907] syz_tun: entered allmulticast mode [ 905.881469][T20906] syz_tun: left allmulticast mode [ 905.886209][T20910] block device autoloading is deprecated and will be removed. [ 906.647116][T20927] lo speed is unknown, defaulting to 1000 [ 907.758008][T20868] Bluetooth: hci1: command 0x0406 tx timeout [ 908.941267][T20929] lo speed is unknown, defaulting to 1000 [ 909.182914][T12223] Bluetooth: hci2: Frame reassembly failed (-84) [ 909.186772][T20934] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3790'. [ 909.193859][T20934] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3790'. [ 909.235048][T20917] net_ratelimit: 11 callbacks suppressed [ 909.235062][T20917] Set syz1 is full, maxelem 65536 reached [ 909.288114][T20936] openvswitch: netlink: Tunnel attr 9313 out of range max 16 [ 909.463195][T20943] FAULT_INJECTION: forcing a failure. [ 909.463195][T20943] name failslab, interval 1, probability 0, space 0, times 0 [ 909.467492][T20943] CPU: 0 UID: 0 PID: 20943 Comm: syz.4.3793 Not tainted 6.17.0-rc2-syzkaller #0 PREEMPT(full) [ 909.467523][T20943] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 909.467530][T20943] Call Trace: [ 909.467534][T20943] [ 909.467539][T20943] dump_stack_lvl+0x16c/0x1f0 [ 909.467556][T20943] should_fail_ex+0x512/0x640 [ 909.467574][T20943] ? sock_kmalloc+0x111/0x170 [ 909.467590][T20943] should_failslab+0xc2/0x120 [ 909.467605][T20943] __kmalloc_noprof+0xd2/0x510 [ 909.467618][T20943] ? __pfx___might_resched+0x10/0x10 [ 909.467631][T20943] sock_kmalloc+0x111/0x170 [ 909.467676][T20943] alg_setsockopt+0x390/0xdd0 [ 909.467692][T20943] ? __pfx_alg_setsockopt+0x10/0x10 [ 909.467706][T20943] ? aa_sock_opt_perm+0xfd/0x1c0 [ 909.467716][T20943] ? __pfx_alg_setsockopt+0x10/0x10 [ 909.467731][T20943] do_sock_setsockopt+0xf3/0x1d0 [ 909.467748][T20943] __sys_setsockopt+0x120/0x1a0 [ 909.467762][T20943] __ia32_sys_setsockopt+0xbc/0x160 [ 909.467777][T20943] ? syscall_enter_from_user_mode_prepare+0x68/0xe0 [ 909.467805][T20943] __do_fast_syscall_32+0x7c/0x3a0 [ 909.467820][T20943] do_fast_syscall_32+0x32/0x80 [ 909.467839][T20943] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 909.467853][T20943] RIP: 0023:0xf704e579 [ 909.467862][T20943] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 909.467873][T20943] RSP: 002b:00000000f541d55c EFLAGS: 00000296 ORIG_RAX: 000000000000016e [ 909.467884][T20943] RAX: ffffffffffffffda RBX: 0000000000000008 RCX: 0000000000000117 [ 909.467891][T20943] RDX: 0000000000000001 RSI: 0000000080000140 RDI: 0000000000000010 [ 909.467898][T20943] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 909.467905][T20943] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 909.467911][T20943] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 909.467922][T20943] [ 911.030377][T20958] lo speed is unknown, defaulting to 1000 [ 911.175333][T20967] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3799'. [ 911.178710][T20967] netdevsim netdevsim2 netdevsim0: entered promiscuous mode [ 911.199840][T20868] Bluetooth: hci2: command 0x1003 tx timeout [ 911.201841][ T63] Bluetooth: hci2: Opcode 0x1003 failed: -110 [ 911.750860][T20980] lo speed is unknown, defaulting to 1000 [ 912.807994][ T6259] usb 9-1: new low-speed USB device number 26 using dummy_hcd [ 913.021491][T20985] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3804'. [ 913.024869][T20985] netlink: 48 bytes leftover after parsing attributes in process `syz.4.3804'. [ 913.346770][T20992] tmpfs: Bad value for 'mpol' [ 913.596120][ T6259] usb 9-1: unable to get BOS descriptor or descriptor too short [ 913.599823][ T6259] usb 9-1: unable to read config index 0 descriptor/start: -71 [ 913.607993][ T6259] usb 9-1: can't read configurations, error -71 [ 913.741238][T21001] FAULT_INJECTION: forcing a failure. [ 913.741238][T21001] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 913.745434][T21001] CPU: 3 UID: 0 PID: 21001 Comm: syz.4.3809 Not tainted 6.17.0-rc2-syzkaller #0 PREEMPT(full) [ 913.745450][T21001] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 913.745458][T21001] Call Trace: [ 913.745462][T21001] [ 913.745467][T21001] dump_stack_lvl+0x16c/0x1f0 [ 913.745485][T21001] should_fail_ex+0x512/0x640 [ 913.745502][T21001] _copy_from_iter+0x29f/0x16f0 [ 913.745522][T21001] ? __pfx__copy_from_iter+0x10/0x10 [ 913.745539][T21001] ? rcu_is_watching+0x12/0xc0 [ 913.745551][T21001] ? __pfx_woken_wake_function+0x10/0x10 [ 913.745569][T21001] ? __pfx___might_resched+0x10/0x10 [ 913.745582][T21001] file_tty_write.constprop.0+0x488/0x9b0 [ 913.745600][T21001] vfs_write+0x7d3/0x11d0 [ 913.745614][T21001] ? __pfx_tty_write+0x10/0x10 [ 913.745629][T21001] ? __pfx_vfs_write+0x10/0x10 [ 913.745641][T21001] ? lock_release+0x201/0x2f0 [ 913.745659][T21001] ksys_write+0x12a/0x250 [ 913.745671][T21001] ? __pfx_ksys_write+0x10/0x10 [ 913.745685][T21001] ? rcu_is_watching+0x12/0xc0 [ 913.745696][T21001] __do_fast_syscall_32+0x7c/0x3a0 [ 913.745712][T21001] do_fast_syscall_32+0x32/0x80 [ 913.745727][T21001] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 913.745741][T21001] RIP: 0023:0xf704e579 [ 913.745750][T21001] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 913.745761][T21001] RSP: 002b:00000000f543e55c EFLAGS: 00000296 ORIG_RAX: 0000000000000004 [ 913.745772][T21001] RAX: ffffffffffffffda RBX: 000000000000000f RCX: 00000000800030c0 [ 913.745779][T21001] RDX: 0000000000001006 RSI: 0000000000000000 RDI: 0000000000000000 [ 913.745786][T21001] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 913.745792][T21001] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 913.745798][T21001] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 913.745809][T21001] [ 913.939253][T21012] overlayfs: conflicting lowerdir path [ 914.846610][T21029] syz_tun: entered promiscuous mode [ 914.849475][T21029] batadv_slave_0: entered promiscuous mode [ 915.033666][T21026] tmpfs: Bad value for 'mpol' [ 915.249818][T21021] tmpfs: Bad value for 'mpol' [ 915.446534][T21039] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3818'. [ 916.365419][T21045] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3821'. [ 916.549029][T21050] FAULT_INJECTION: forcing a failure. [ 916.549029][T21050] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 916.554178][T21050] CPU: 0 UID: 0 PID: 21050 Comm: syz.3.3823 Not tainted 6.17.0-rc2-syzkaller #0 PREEMPT(full) [ 916.554215][T21050] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 916.554223][T21050] Call Trace: [ 916.554227][T21050] [ 916.554232][T21050] dump_stack_lvl+0x16c/0x1f0 [ 916.554250][T21050] should_fail_ex+0x512/0x640 [ 916.554268][T21050] _copy_from_user+0x2e/0xd0 [ 916.554286][T21050] get_compat_msghdr+0xa7/0x170 [ 916.554300][T21050] ? __pfx_get_compat_msghdr+0x10/0x10 [ 916.554314][T21050] ? kstrtouint_from_user+0x13c/0x1d0 [ 916.554329][T21050] ___sys_sendmsg+0x1ae/0x1d0 [ 916.554343][T21050] ? get_pid_task+0xfc/0x250 [ 916.554359][T21050] ? __pfx____sys_sendmsg+0x10/0x10 [ 916.554376][T21050] ? rcu_is_watching+0x12/0xc0 [ 916.554392][T21050] __sys_sendmsg+0x16d/0x220 [ 916.554407][T21050] ? __pfx___sys_sendmsg+0x10/0x10 [ 916.554424][T21050] ? rcu_is_watching+0x12/0xc0 [ 916.554435][T21050] __do_fast_syscall_32+0x7c/0x3a0 [ 916.554451][T21050] do_fast_syscall_32+0x32/0x80 [ 916.554466][T21050] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 916.554480][T21050] RIP: 0023:0xf7fa1579 [ 916.554489][T21050] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 916.554500][T21050] RSP: 002b:00000000f54c655c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 916.554511][T21050] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000800002c0 [ 916.554519][T21050] RDX: 0000000000000850 RSI: 0000000000000000 RDI: 0000000000000000 [ 916.554525][T21050] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 916.554532][T21050] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 916.554538][T21050] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 916.554549][T21050] [ 916.612817][T21051] tmpfs: Bad value for 'mpol' [ 917.125732][T21057] netlink: 830 bytes leftover after parsing attributes in process `syz.4.3825'. [ 917.188595][ T40] audit: type=1326 audit(2000000005.919:1903): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21058 comm="syz.0.3826" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf7fd1579 code=0x0 [ 917.507958][ T5972] usb 9-1: new low-speed USB device number 28 using dummy_hcd [ 917.671697][T21077] FAULT_INJECTION: forcing a failure. [ 917.671697][T21077] name failslab, interval 1, probability 0, space 0, times 0 [ 917.677084][T21077] CPU: 0 UID: 0 PID: 21077 Comm: syz.3.3832 Not tainted 6.17.0-rc2-syzkaller #0 PREEMPT(full) [ 917.677103][T21077] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 917.677111][T21077] Call Trace: [ 917.677116][T21077] [ 917.677122][T21077] dump_stack_lvl+0x16c/0x1f0 [ 917.677141][T21077] should_fail_ex+0x512/0x640 [ 917.677159][T21077] should_failslab+0xc2/0x120 [ 917.677226][T21077] kmem_cache_alloc_node_noprof+0x71/0x3b0 [ 917.677241][T21077] ? __alloc_skb+0x2b2/0x380 [ 917.677257][T21077] __alloc_skb+0x2b2/0x380 [ 917.677270][T21077] ? __pfx___alloc_skb+0x10/0x10 [ 917.677282][T21077] ? __pfx___mutex_trylock_common+0x10/0x10 [ 917.677299][T21077] ? __pfx___might_resched+0x10/0x10 [ 917.677312][T21077] netlink_dump+0x19b/0xd30 [ 917.677327][T21077] ? __pfx_netlink_dump+0x10/0x10 [ 917.677344][T21077] ? rtnl_calcit.isra.0+0x273/0x4d0 [ 917.677360][T21077] ? rcu_is_watching+0x12/0xc0 [ 917.677373][T21077] __netlink_dump_start+0x6d6/0x990 [ 917.677388][T21077] ? __pfx_rtnl_bridge_getlink+0x10/0x10 [ 917.677403][T21077] rtnetlink_rcv_msg+0xb3e/0xe90 [ 917.677418][T21077] ? __pfx_rtnl_bridge_getlink+0x10/0x10 [ 917.677433][T21077] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 917.677449][T21077] ? __pfx_rtnl_dumpit+0x10/0x10 [ 917.677459][T21077] ? __pfx_rtnl_bridge_getlink+0x10/0x10 [ 917.677477][T21077] netlink_rcv_skb+0x155/0x420 [ 917.677494][T21077] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 917.677517][T21077] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 917.677536][T21077] ? rcu_is_watching+0x12/0xc0 [ 917.677550][T21077] ? netlink_deliver_tap+0x1ae/0xd30 [ 917.677563][T21077] ? is_vmalloc_addr+0x86/0xa0 [ 917.677577][T21077] netlink_unicast+0x5aa/0x870 [ 917.677592][T21077] ? __pfx_netlink_unicast+0x10/0x10 [ 917.677607][T21077] ? __pfx_netlink_autobind.isra.0+0x10/0x10 [ 917.677629][T21077] netlink_sendmsg+0x8d1/0xdd0 [ 917.677651][T21077] ? __pfx_netlink_sendmsg+0x10/0x10 [ 917.677670][T21077] ? aa_sock_msg_perm.constprop.0+0x100/0x1d0 [ 917.677684][T21077] ____sys_sendmsg+0xa95/0xc70 [ 917.677729][T21077] ? __pfx_____sys_sendmsg+0x10/0x10 [ 917.677748][T21077] ? get_compat_msghdr+0x11a/0x170 [ 917.677764][T21077] ? kstrtouint_from_user+0x13c/0x1d0 [ 917.677780][T21077] ___sys_sendmsg+0x134/0x1d0 [ 917.677793][T21077] ? get_pid_task+0xfc/0x250 [ 917.677810][T21077] ? __pfx____sys_sendmsg+0x10/0x10 [ 917.677827][T21077] ? rcu_is_watching+0x12/0xc0 [ 917.677843][T21077] __sys_sendmsg+0x16d/0x220 [ 917.677858][T21077] ? __pfx___sys_sendmsg+0x10/0x10 [ 917.677875][T21077] ? rcu_is_watching+0x12/0xc0 [ 917.677887][T21077] __do_fast_syscall_32+0x7c/0x3a0 [ 917.677903][T21077] do_fast_syscall_32+0x32/0x80 [ 917.677918][T21077] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 917.677933][T21077] RIP: 0023:0xf7fa1579 [ 917.677943][T21077] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 917.677955][T21077] RSP: 002b:00000000f54c655c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 917.677967][T21077] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000880 [ 917.677974][T21077] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 917.677981][T21077] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 917.677992][T21077] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 917.677999][T21077] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 917.678010][T21077] [ 917.795131][T21061] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3827'. [ 917.798220][T21061] netlink: 48 bytes leftover after parsing attributes in process `syz.4.3827'. [ 917.894659][T21081] tmpfs: Bad value for 'mpol' [ 918.617775][T21092] FAULT_INJECTION: forcing a failure. [ 918.617775][T21092] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 918.633364][T21092] CPU: 1 UID: 0 PID: 21092 Comm: syz.0.3836 Not tainted 6.17.0-rc2-syzkaller #0 PREEMPT(full) [ 918.633382][T21092] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 918.633389][T21092] Call Trace: [ 918.633394][T21092] [ 918.633399][T21092] dump_stack_lvl+0x16c/0x1f0 [ 918.633417][T21092] should_fail_ex+0x512/0x640 [ 918.633434][T21092] _copy_to_user+0x32/0xd0 [ 918.633445][T21092] do_pages_stat+0x631/0x820 [ 918.633478][T21092] ? __pfx_do_pages_stat+0x10/0x10 [ 918.633494][T21092] ? rcu_is_watching+0x12/0xc0 [ 918.633511][T21092] ? trace_irq_enable.constprop.0+0xd4/0x120 [ 918.633529][T21092] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 918.633543][T21092] kernel_move_pages+0xfa8/0x1380 [ 918.633561][T21092] ? rcu_is_watching+0x12/0xc0 [ 918.633573][T21092] ? __pfx_kernel_move_pages+0x10/0x10 [ 918.633589][T21092] ? __fget_files+0x20e/0x3c0 [ 918.633603][T21092] ? fput+0x9b/0xd0 [ 918.633618][T21092] ? ksys_write+0x1ac/0x250 [ 918.633631][T21092] ? __pfx_ksys_write+0x10/0x10 [ 918.633644][T21092] __ia32_sys_move_pages+0xdd/0x1b0 [ 918.633661][T21092] ? trace_irq_enable.constprop.0+0xd4/0x120 [ 918.633678][T21092] ? syscall_enter_from_user_mode_prepare+0x68/0xe0 [ 918.633693][T21092] __do_fast_syscall_32+0x7c/0x3a0 [ 918.633709][T21092] do_fast_syscall_32+0x32/0x80 [ 918.633724][T21092] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 918.633739][T21092] RIP: 0023:0xf7fd1579 [ 918.633748][T21092] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 918.633759][T21092] RSP: 002b:00000000f54d555c EFLAGS: 00000296 ORIG_RAX: 000000000000013d [ 918.633770][T21092] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000001efe [ 918.633777][T21092] RDX: 0000000080000080 RSI: 0000000000000000 RDI: 0000000080000040 [ 918.633784][T21092] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 918.633791][T21092] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 918.633798][T21092] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 918.633814][T21092] [ 918.819056][ T5972] usb 9-1: unable to get BOS descriptor or descriptor too short [ 918.857852][ T5972] usb 9-1: unable to read config index 0 descriptor/start: -71 [ 918.861032][ T5972] usb 9-1: can't read configurations, error -71 [ 918.923948][T21097] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3838'. [ 919.113815][T21100] netlink: 830 bytes leftover after parsing attributes in process `syz.4.3839'. [ 919.423820][T21102] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3840'. [ 919.432109][T21102] FAULT_INJECTION: forcing a failure. [ 919.432109][T21102] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 919.437073][T21102] CPU: 0 UID: 0 PID: 21102 Comm: syz.0.3840 Not tainted 6.17.0-rc2-syzkaller #0 PREEMPT(full) [ 919.437095][T21102] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 919.437114][T21102] Call Trace: [ 919.437118][T21102] [ 919.437123][T21102] dump_stack_lvl+0x16c/0x1f0 [ 919.437141][T21102] should_fail_ex+0x512/0x640 [ 919.437159][T21102] _copy_from_user+0x2e/0xd0 [ 919.437177][T21102] get_compat_msghdr+0xa7/0x170 [ 919.437191][T21102] ? __pfx_get_compat_msghdr+0x10/0x10 [ 919.437206][T21102] ? kstrtouint_from_user+0x13c/0x1d0 [ 919.437220][T21102] ___sys_sendmsg+0x1ae/0x1d0 [ 919.437234][T21102] ? get_pid_task+0xfc/0x250 [ 919.437250][T21102] ? __pfx____sys_sendmsg+0x10/0x10 [ 919.437267][T21102] ? rcu_is_watching+0x12/0xc0 [ 919.437283][T21102] __sys_sendmsg+0x16d/0x220 [ 919.437298][T21102] ? __pfx___sys_sendmsg+0x10/0x10 [ 919.437315][T21102] ? rcu_is_watching+0x12/0xc0 [ 919.437327][T21102] __do_fast_syscall_32+0x7c/0x3a0 [ 919.437343][T21102] do_fast_syscall_32+0x32/0x80 [ 919.437358][T21102] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 919.437373][T21102] RIP: 0023:0xf7fd1579 [ 919.437381][T21102] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 919.437393][T21102] RSP: 002b:00000000f54f655c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 919.437404][T21102] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000080000140 [ 919.437411][T21102] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 919.437417][T21102] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 919.437424][T21102] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 919.437430][T21102] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 919.437441][T21102] [ 919.996939][T21118] tmpfs: Bad value for 'mpol' [ 920.080883][T21119] lo speed is unknown, defaulting to 1000 [ 920.638489][T21126] tipc: Enabling not permitted [ 920.640922][T21126] tipc: Enabling of bearer rejected, failed to enable media [ 921.251247][T21081] Set syz1 is full, maxelem 65536 reached [ 921.484954][T21138] FAULT_INJECTION: forcing a failure. [ 921.484954][T21138] name failslab, interval 1, probability 0, space 0, times 0 [ 921.490747][T21138] CPU: 0 UID: 0 PID: 21138 Comm: syz.2.3850 Not tainted 6.17.0-rc2-syzkaller #0 PREEMPT(full) [ 921.490766][T21138] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 921.490776][T21138] Call Trace: [ 921.490781][T21138] [ 921.490785][T21138] dump_stack_lvl+0x16c/0x1f0 [ 921.490805][T21138] should_fail_ex+0x512/0x640 [ 921.490824][T21138] ? tomoyo_realpath_from_path+0xc2/0x6e0 [ 921.490843][T21138] should_failslab+0xc2/0x120 [ 921.490860][T21138] __kmalloc_noprof+0xd2/0x510 [ 921.490876][T21138] tomoyo_realpath_from_path+0xc2/0x6e0 [ 921.490895][T21138] ? tomoyo_profile+0x47/0x60 [ 921.490924][T21138] tomoyo_path_number_perm+0x245/0x580 [ 921.490939][T21138] ? tomoyo_path_number_perm+0x237/0x580 [ 921.490954][T21138] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 921.490972][T21138] ? preempt_count_add+0x76/0x150 [ 921.490994][T21138] ? rcu_is_watching+0x12/0xc0 [ 921.491008][T21138] ? __fget_files+0x204/0x3c0 [ 921.491026][T21138] ? hook_file_ioctl_common+0x145/0x410 [ 921.491042][T21138] ? lock_release+0x201/0x2f0 [ 921.491059][T21138] ? __fget_files+0x20e/0x3c0 [ 921.491073][T21138] security_file_ioctl_compat+0x9b/0x240 [ 921.491089][T21138] __ia32_compat_sys_ioctl+0xc3/0x370 [ 921.491110][T21138] __do_fast_syscall_32+0x7c/0x3a0 [ 921.491128][T21138] do_fast_syscall_32+0x32/0x80 [ 921.491144][T21138] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 921.491160][T21138] RIP: 0023:0xf7f62579 [ 921.491169][T21138] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 921.491181][T21138] RSP: 002b:00000000f548655c EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 921.491194][T21138] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000c4c03d12 [ 921.491202][T21138] RDX: 0000000080000040 RSI: 0000000000000000 RDI: 0000000000000000 [ 921.491210][T21138] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 921.491217][T21138] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 921.491225][T21138] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 921.491236][T21138] [ 921.491253][T21138] ERROR: Out of memory at tomoyo_realpath_from_path. [ 923.027256][T21162] dvmrp0: entered allmulticast mode [ 923.961654][T21157] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 924.025519][T21169] FAULT_INJECTION: forcing a failure. [ 924.025519][T21169] name failslab, interval 1, probability 0, space 0, times 0 [ 924.029817][T21169] CPU: 0 UID: 0 PID: 21169 Comm: syz.4.3861 Not tainted 6.17.0-rc2-syzkaller #0 PREEMPT(full) [ 924.029854][T21169] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 924.029862][T21169] Call Trace: [ 924.029867][T21169] [ 924.029871][T21169] dump_stack_lvl+0x16c/0x1f0 [ 924.029891][T21169] should_fail_ex+0x512/0x640 [ 924.029909][T21169] should_failslab+0xc2/0x120 [ 924.029925][T21169] __kvmalloc_node_noprof+0x137/0x620 [ 924.029942][T21169] ? __pfx___mutex_lock+0x10/0x10 [ 924.029958][T21169] ? traverse.part.0.constprop.0+0x392/0x640 [ 924.029969][T21169] ? __kernel_text_address+0xd/0x40 [ 924.029982][T21169] ? traverse.part.0.constprop.0+0x392/0x640 [ 924.029993][T21169] traverse.part.0.constprop.0+0x392/0x640 [ 924.030004][T21169] ? rcu_is_watching+0x12/0xc0 [ 924.030018][T21169] seq_read_iter+0x932/0x12c0 [ 924.030031][T21169] seq_read+0x3a3/0x570 [ 924.030042][T21169] ? __pfx_seq_read+0x10/0x10 [ 924.030052][T21169] ? rcu_is_watching+0x12/0xc0 [ 924.030063][T21169] ? rcu_is_watching+0x12/0xc0 [ 924.030074][T21169] ? import_ubuf+0x1b6/0x220 [ 924.030092][T21169] ? common_file_perm+0x1a9/0x340 [ 924.030106][T21169] ? __pfx_seq_read+0x10/0x10 [ 924.030116][T21169] proc_reg_read+0x23d/0x330 [ 924.030133][T21169] ? __pfx_proc_reg_read+0x10/0x10 [ 924.030147][T21169] vfs_readv+0x5c1/0x8b0 [ 924.030161][T21169] ? __pfx_vfs_readv+0x10/0x10 [ 924.030171][T21169] ? trace_sched_exit_tp+0xd1/0x120 [ 924.030189][T21169] ? __schedule+0x11a3/0x5de0 [ 924.030201][T21169] ? ksys_write+0x190/0x250 [ 924.030214][T21169] ? rcu_is_watching+0x12/0xc0 [ 924.030228][T21169] ? __fget_files+0x20e/0x3c0 [ 924.030242][T21169] ? do_preadv+0x1a6/0x270 [ 924.030253][T21169] do_preadv+0x1a6/0x270 [ 924.030264][T21169] ? __pfx_do_preadv+0x10/0x10 [ 924.030276][T21169] ? rcu_is_watching+0x12/0xc0 [ 924.030288][T21169] __do_fast_syscall_32+0x7c/0x3a0 [ 924.030304][T21169] do_fast_syscall_32+0x32/0x80 [ 924.030318][T21169] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 924.030333][T21169] RIP: 0023:0xf704e579 [ 924.030341][T21169] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 924.030352][T21169] RSP: 002b:00000000f543e55c EFLAGS: 00000296 ORIG_RAX: 000000000000014d [ 924.030363][T21169] RAX: ffffffffffffffda RBX: 0000000000000009 RCX: 00000000800001c0 [ 924.030370][T21169] RDX: 0000000000000001 RSI: 000000000000001a RDI: 0000000000000000 [ 924.030377][T21169] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 924.030383][T21169] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 924.030390][T21169] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 924.030400][T21169] [ 924.150875][T21157] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 924.772255][T21173] netlink: 'syz.4.3862': attribute type 10 has an invalid length. [ 924.776450][T21173] bond0: (slave wlan1): Opening slave failed [ 925.708809][T21157] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 925.898283][T21157] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 925.980550][T12223] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 925.984065][T21192] lo speed is unknown, defaulting to 1000 [ 926.059405][T12238] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 926.062894][T12238] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 926.111197][T12238] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 927.381167][T21203] netlink: 24 bytes leftover after parsing attributes in process `syz.0.3870'. [ 927.453747][T21203] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3870'. [ 927.588237][ T40] audit: type=1804 audit(2000000016.319:1904): pid=21210 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.4.3872" name="/newroot/564/bus" dev="tmpfs" ino=3111 res=1 errno=0 [ 927.636456][T21213] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3872'. [ 928.660773][T21226] tmpfs: Bad value for 'mpol' [ 931.114956][T21242] lo speed is unknown, defaulting to 1000 [ 931.489681][ T1419] ieee802154 phy0 wpan0: encryption failed: -22 [ 931.492706][ T1419] ieee802154 phy1 wpan1: encryption failed: -22 [ 932.094606][T21273] block nbd0: not configured, cannot reconfigure [ 932.141740][ T40] audit: type=1800 audit(2000000020.869:1905): pid=21271 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.3886" name="/" dev="9p" ino=2 res=0 errno=0 [ 932.481360][T21275] lo speed is unknown, defaulting to 1000 [ 933.275317][T21284] tmpfs: Bad value for 'mpol' [ 935.443065][T21313] tmpfs: Bad value for 'mpol' [ 935.482718][T21292] lo speed is unknown, defaulting to 1000 [ 936.232085][T21332] overlayfs: failed to resolve './file0': -2 [ 937.754982][T21333] netlink: 72 bytes leftover after parsing attributes in process `syz.3.3899'. [ 937.968491][T21347] tmpfs: Bad value for 'mpol' [ 939.017646][T21389] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3917'. [ 939.020596][T21389] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3917'. [ 939.185302][T21399] overlayfs: failed to resolve './file1': -2 [ 939.208525][T21401] netlink: 'syz.0.3921': attribute type 11 has an invalid length. [ 941.059272][ T6052] usb 7-1: new full-speed USB device number 48 using dummy_hcd [ 941.232370][ T6052] usb 7-1: not running at top speed; connect to a high speed hub [ 941.237076][ T6052] usb 7-1: config 1 interface 0 altsetting 2 endpoint 0x81 has invalid maxpacket 1024, setting to 64 [ 941.241982][ T6052] usb 7-1: config 1 interface 0 altsetting 2 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 941.247388][ T6052] usb 7-1: config 1 interface 0 has no altsetting 0 [ 941.259961][ T6052] usb 7-1: New USB device found, idVendor=045e, idProduct=00e3, bcdDevice= 0.40 [ 941.263853][ T6052] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 941.267204][ T6052] usb 7-1: Product: ⊠[ 941.276855][ T6052] usb 7-1: Manufacturer: ì­žå…䩟襓äŽí€€ì´¬ã·™é¤â¼¡è·é½‡ÔŒäš©â …㧖韰ê¨æ¦ê¤—뽸쾹鎦î›âš¡ã‘໲悕࿄➭勗脘趿䈎ﲩ䑼㿻앙⬕䢾ὃﹶ鯨游آγì©[᚛ꡡ⻈ꃣല癉幓鉆㕔楇鸨蘔镬ìŽá†‡ã“«â§Žä¶™à²€íœ°ì³¦î„­íŠ•â¼ˆ [ 941.285026][ T6052] usb 7-1: SerialNumber: О [ 941.288203][T21428] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 941.315280][T21450] overlayfs: failed to resolve './file1': -2 [ 941.508607][ T6052] usbhid 7-1:1.0: can't add hid device: -71 [ 941.510398][ T6052] usbhid 7-1:1.0: probe with driver usbhid failed with error -71 [ 941.513823][ T6052] usb 7-1: USB disconnect, device number 48 [ 941.556247][T21467] lo speed is unknown, defaulting to 1000 [ 943.275663][T21505] tmpfs: Bad value for 'mpol' [ 943.917956][T21514] input: syz1 as /devices/virtual/input/input10 [ 944.138957][T21517] netlink: 830 bytes leftover after parsing attributes in process `syz.4.3941'. [ 944.517929][ T29] usb 9-1: new high-speed USB device number 30 using dummy_hcd [ 944.669245][ T29] usb 9-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 944.672022][ T29] usb 9-1: config 1 has an invalid descriptor of length 48, skipping remainder of the config [ 945.056790][ T29] usb 9-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 945.396029][ T29] usb 9-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 12408, setting to 64 [ 945.402057][ T29] usb 9-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 945.404966][ T29] usb 9-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 945.407469][ T29] usb 9-1: Product: syz [ 945.408915][ T29] usb 9-1: Manufacturer: syz [ 945.412130][ T29] cdc_wdm 9-1:1.0: skipping garbage [ 945.413808][ T29] cdc_wdm 9-1:1.0: skipping garbage [ 945.415472][ T29] cdc_wdm 9-1:1.0: probe with driver cdc_wdm failed with error -22 [ 945.709290][ T29] IPVS: starting estimator thread 0... [ 945.812277][T21532] IPVS: using max 53 ests per chain, 127200 per kthread [ 946.012192][T21536] fuse: Bad value for 'rootmode' [ 946.159524][T21533] netlink: 128 bytes leftover after parsing attributes in process `syz.4.3942'. [ 946.185354][T21533] A link change request failed with some changes committed already. Interface team0 may have been left with an inconsistent configuration, please check. [ 946.271945][T21515] lo speed is unknown, defaulting to 1000 [ 948.112421][ T6104] usb 9-1: USB disconnect, device number 30 [ 948.618426][T21565] tmpfs: Bad value for 'mpol' [ 949.536733][T21581] FAULT_INJECTION: forcing a failure. [ 949.536733][T21581] name failslab, interval 1, probability 0, space 0, times 0 [ 949.557345][T21581] CPU: 1 UID: 0 PID: 21581 Comm: syz.2.3955 Not tainted 6.17.0-rc2-syzkaller #0 PREEMPT(full) [ 949.557364][T21581] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 949.557372][T21581] Call Trace: [ 949.557376][T21581] [ 949.557380][T21581] dump_stack_lvl+0x16c/0x1f0 [ 949.557399][T21581] should_fail_ex+0x512/0x640 [ 949.557417][T21581] should_failslab+0xc2/0x120 [ 949.557432][T21581] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 949.557446][T21581] ? skb_clone+0x190/0x3f0 [ 949.557461][T21581] ? netlink_deliver_tap+0x103/0xd30 [ 949.557481][T21581] skb_clone+0x190/0x3f0 [ 949.557495][T21581] netlink_deliver_tap+0xabd/0xd30 [ 949.557510][T21581] netlink_unicast+0x64c/0x870 [ 949.557526][T21581] ? __pfx_netlink_unicast+0x10/0x10 [ 949.557541][T21581] ? __pfx_netlink_autobind.isra.0+0x10/0x10 [ 949.557558][T21581] netlink_sendmsg+0x8d1/0xdd0 [ 949.557574][T21581] ? __pfx_netlink_sendmsg+0x10/0x10 [ 949.557594][T21581] ? aa_sock_msg_perm.constprop.0+0x100/0x1d0 [ 949.557613][T21581] ____sys_sendmsg+0xa95/0xc70 [ 949.557641][T21581] ? __pfx_____sys_sendmsg+0x10/0x10 [ 949.557665][T21581] ? get_compat_msghdr+0x11a/0x170 [ 949.557687][T21581] ? kstrtouint_from_user+0x13c/0x1d0 [ 949.557702][T21581] ___sys_sendmsg+0x134/0x1d0 [ 949.557717][T21581] ? get_pid_task+0xfc/0x250 [ 949.557735][T21581] ? __pfx____sys_sendmsg+0x10/0x10 [ 949.557751][T21581] ? rcu_is_watching+0x12/0xc0 [ 949.557768][T21581] __sys_sendmsg+0x16d/0x220 [ 949.557796][T21581] ? __pfx___sys_sendmsg+0x10/0x10 [ 949.557813][T21581] ? rcu_is_watching+0x12/0xc0 [ 949.557825][T21581] __do_fast_syscall_32+0x7c/0x3a0 [ 949.557841][T21581] do_fast_syscall_32+0x32/0x80 [ 949.557856][T21581] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 949.557870][T21581] RIP: 0023:0xf7f62579 [ 949.557879][T21581] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 949.557890][T21581] RSP: 002b:00000000f548655c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 949.557902][T21581] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000800001c0 [ 949.557909][T21581] RDX: 0000000000000010 RSI: 0000000000000000 RDI: 0000000000000000 [ 949.557916][T21581] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 949.557922][T21581] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 949.557929][T21581] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 949.557940][T21581] [ 949.801146][T21596] tmpfs: Bad value for 'mpol' [ 951.394876][T21628] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(5) [ 951.397485][T21628] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 951.401239][T21628] vhci_hcd vhci_hcd.0: Device attached [ 951.423040][T21628] netdevsim netdevsim0: Direct firmware load for @ failed with error -2 [ 951.425776][T21628] netdevsim netdevsim0: Falling back to sysfs fallback for: @ [ 951.521720][T21627] wireguard0: entered promiscuous mode [ 951.523673][T21627] wireguard0: entered allmulticast mode [ 951.718135][ T29] usb 38-1: SetAddress Request (2) to port 0 [ 951.720263][ T29] usb 38-1: new SuperSpeed USB device number 2 using vhci_hcd [ 952.586871][T21644] tmpfs: Bad value for 'mpol' [ 953.091542][T21629] vhci_hcd: connection reset by peer [ 953.101932][T12223] vhci_hcd: stop threads [ 953.103168][T12223] vhci_hcd: release socket [ 953.104849][T12223] vhci_hcd: disconnect device [ 954.036203][T21668] netlink: 'syz.2.3976': attribute type 10 has an invalid length. [ 954.039906][T21668] batman_adv: batadv0: Interface deactivated: dummy0 [ 954.043061][T21668] batman_adv: batadv0: Removing interface: dummy0 [ 954.050932][T21668] bond0: (slave dummy0): Enslaving as an active interface with an up link [ 955.744430][T21725] FAULT_INJECTION: forcing a failure. [ 955.744430][T21725] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 955.750109][T21725] CPU: 3 UID: 0 PID: 21725 Comm: syz.2.3988 Not tainted 6.17.0-rc2-syzkaller #0 PREEMPT(full) [ 955.750136][T21725] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 955.750148][T21725] Call Trace: [ 955.750156][T21725] [ 955.750164][T21725] dump_stack_lvl+0x16c/0x1f0 [ 955.750192][T21725] should_fail_ex+0x512/0x640 [ 955.750221][T21725] should_fail_alloc_page+0xe7/0x130 [ 955.750245][T21725] prepare_alloc_pages+0x3c2/0x610 [ 955.750272][T21725] ? do_user_addr_fault+0x829/0x1370 [ 955.750301][T21725] __alloc_frozen_pages_noprof+0x18b/0x23f0 [ 955.750324][T21725] ? do_user_addr_fault+0x843/0x1370 [ 955.750355][T21725] ? rcu_is_watching+0x12/0xc0 [ 955.750371][T21725] ? trace_irq_enable.constprop.0+0xd4/0x120 [ 955.750396][T21725] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 955.750418][T21725] ? _copy_from_iter+0x37e/0x16f0 [ 955.750446][T21725] ? _copy_from_iter+0x15d/0x16f0 [ 955.750474][T21725] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 955.750494][T21725] ? policy_nodemask+0xea/0x4e0 [ 955.750520][T21725] alloc_pages_mpol+0x1fb/0x550 [ 955.750542][T21725] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 955.750568][T21725] alloc_pages_noprof+0x131/0x390 [ 955.750589][T21725] anon_pipe_write+0xbc2/0x1a90 [ 955.750613][T21725] ? get_pid_task+0x11/0x250 [ 955.750639][T21725] ? __pfx_anon_pipe_write+0x10/0x10 [ 955.750660][T21725] ? common_file_perm+0x1a9/0x340 [ 955.750683][T21725] ? bpf_lsm_file_permission+0x9/0x10 [ 955.750709][T21725] ? security_file_permission+0x71/0x210 [ 955.750732][T21725] ? rw_verify_area+0xcf/0x6c0 [ 955.750753][T21725] vfs_write+0x7d3/0x11d0 [ 955.750774][T21725] ? __pfx_anon_pipe_write+0x10/0x10 [ 955.750797][T21725] ? __pfx_vfs_write+0x10/0x10 [ 955.750818][T21725] ? lock_release+0x201/0x2f0 [ 955.750847][T21725] ksys_write+0x1f8/0x250 [ 955.750866][T21725] ? __pfx_ksys_write+0x10/0x10 [ 955.750888][T21725] ? rcu_is_watching+0x12/0xc0 [ 955.750908][T21725] __do_fast_syscall_32+0x7c/0x3a0 [ 955.750933][T21725] do_fast_syscall_32+0x32/0x80 [ 955.750956][T21725] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 955.750978][T21725] RIP: 0023:0xf7f62579 [ 955.750994][T21725] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 955.751009][T21725] RSP: 002b:00000000f548655c EFLAGS: 00000296 ORIG_RAX: 0000000000000004 [ 955.751028][T21725] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000080000340 [ 955.751039][T21725] RDX: 0000000000011000 RSI: 0000000000000000 RDI: 0000000000000000 [ 955.751051][T21725] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 955.751062][T21725] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 955.751073][T21725] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 955.751091][T21725] [ 955.908718][T21729] overlayfs: missing 'lowerdir' [ 956.052574][T21735] tmpfs: Bad value for 'mpol' [ 956.169525][T21738] tmpfs: Bad value for 'mpol' [ 956.798061][ T29] usb 38-1: device descriptor read/8, error -110 [ 957.223605][ T29] usb usb38-port1: attempt power cycle [ 957.799976][ T54] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 957.801021][T21761] UHID_CREATE from different security context by process 1444 (syz.3.3997), this is not allowed. [ 957.802507][ T54] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 957.808225][ T29] usb usb38-port1: unable to enumerate USB device [ 957.809353][ T54] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 957.813710][ T54] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 957.816128][ T54] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 957.818648][ T54] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 957.820935][ T54] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 957.823583][ T54] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 957.826282][ T54] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 957.829038][ T54] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 957.833338][ T54] hid-generic 0000:0000:0000.0004: hidraw1: HID v0.03 Device [syz1] on syz1 [ 957.872725][T21764] overlayfs: missing 'lowerdir' [ 957.913082][T21765] UDF-fs: warning (device sr0): udf_load_vrs: No VRS found [ 957.915432][T21765] UDF-fs: Scanning with blocksize 2048 failed [ 957.918456][T21765] UDF-fs: warning (device sr0): udf_load_vrs: No VRS found [ 957.921047][T21765] UDF-fs: Scanning with blocksize 4096 failed [ 958.289780][T21775] tmpfs: Bad value for 'mpol' [ 958.547938][T21765] syz.4.3998 (21765) used greatest stack depth: 19432 bytes left [ 958.956129][T21786] overlayfs: bad index found (index=index/00fb21000185d98677d16a4ec7bc9e5d44f68f08a65fbeb7162209000000000000, ftype=2000, origin ftype=8000). [ 959.145848][T21794] FAULT_INJECTION: forcing a failure. [ 959.145848][T21794] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 959.163496][T21794] CPU: 0 UID: 0 PID: 21794 Comm: syz.2.4008 Not tainted 6.17.0-rc2-syzkaller #0 PREEMPT(full) [ 959.163513][T21794] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 959.163520][T21794] Call Trace: [ 959.163524][T21794] [ 959.163528][T21794] dump_stack_lvl+0x16c/0x1f0 [ 959.163546][T21794] should_fail_ex+0x512/0x640 [ 959.163564][T21794] _copy_from_user+0x2e/0xd0 [ 959.163582][T21794] get_compat_msghdr+0xa7/0x170 [ 959.163597][T21794] ? __pfx_get_compat_msghdr+0x10/0x10 [ 959.163612][T21794] ___sys_sendmsg+0x1ae/0x1d0 [ 959.163628][T21794] ? __pfx____sys_sendmsg+0x10/0x10 [ 959.163641][T21794] ? lock_release+0x201/0x2f0 [ 959.163662][T21794] ? __pfx___might_resched+0x10/0x10 [ 959.163674][T21794] ? __sys_sendmmsg+0x30d/0x420 [ 959.163690][T21794] __sys_sendmmsg+0x2f9/0x420 [ 959.163705][T21794] ? __pfx___sys_sendmmsg+0x10/0x10 [ 959.163719][T21794] ? lock_release+0x201/0x2f0 [ 959.163735][T21794] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 959.163753][T21794] ? fput+0x9b/0xd0 [ 959.163769][T21794] ? ksys_write+0x1ac/0x250 [ 959.163781][T21794] ? __pfx_ksys_write+0x10/0x10 [ 959.163795][T21794] __ia32_compat_sys_sendmmsg+0x9d/0x100 [ 959.163809][T21794] ? syscall_enter_from_user_mode_prepare+0x68/0xe0 [ 959.163825][T21794] __do_fast_syscall_32+0x7c/0x3a0 [ 959.163840][T21794] do_fast_syscall_32+0x32/0x80 [ 959.163855][T21794] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 959.163869][T21794] RIP: 0023:0xf7f62579 [ 959.163878][T21794] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 959.163889][T21794] RSP: 002b:00000000f546555c EFLAGS: 00000296 ORIG_RAX: 0000000000000159 [ 959.163901][T21794] RAX: ffffffffffffffda RBX: 0000000000000007 RCX: 00000000800bd000 [ 959.163908][T21794] RDX: 0000000000000318 RSI: 0000000000000000 RDI: 0000000000000000 [ 959.163915][T21794] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 959.163921][T21794] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 959.163928][T21794] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 959.163938][T21794] [ 959.169746][T20868] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 959.239721][T20868] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 959.242117][T20868] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 959.244794][T20868] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 959.247271][T20868] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 959.303087][T21796] lo speed is unknown, defaulting to 1000 [ 959.392431][T21796] chnl_net:caif_netlink_parms(): no params data found [ 959.485869][T21796] bridge0: port 1(bridge_slave_0) entered blocking state [ 959.489431][T21796] bridge0: port 1(bridge_slave_0) entered disabled state [ 959.492197][T21796] bridge_slave_0: entered allmulticast mode [ 959.495320][T21796] bridge_slave_0: entered promiscuous mode [ 959.498694][T21796] bridge0: port 2(bridge_slave_1) entered blocking state [ 959.501784][T21796] bridge0: port 2(bridge_slave_1) entered disabled state [ 959.504665][T21796] bridge_slave_1: entered allmulticast mode [ 959.508821][T21796] bridge_slave_1: entered promiscuous mode [ 959.520191][T21808] tmpfs: Bad value for 'mpol' [ 959.908780][T21796] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 959.913668][T21796] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 959.932130][T21796] team0: Port device team_slave_0 added [ 959.934869][T21796] team0: Port device team_slave_1 added [ 959.961695][T21796] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 959.964436][T21796] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 959.965931][T21818] netlink: 3 bytes leftover after parsing attributes in process `syz.2.4012'. [ 959.974742][T21796] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 959.987061][T21818] batadv1: entered allmulticast mode [ 959.993972][T21796] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 959.996860][T21796] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 960.006794][T21796] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 960.014341][T21821] input: syz1 as /devices/virtual/input/input11 [ 960.055951][T21796] hsr_slave_0: entered promiscuous mode [ 960.058925][T21796] hsr_slave_1: entered promiscuous mode [ 960.116165][T21796] netdevsim netdevsim4 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 960.142764][ T40] audit: type=1326 audit(2000000048.869:1906): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21823 comm="syz.0.4014" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fd1579 code=0x7ffc0000 [ 960.152762][ T40] audit: type=1326 audit(2000000048.869:1907): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21823 comm="syz.0.4014" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fd1579 code=0x7ffc0000 [ 960.162005][ T40] audit: type=1326 audit(2000000048.869:1908): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21823 comm="syz.0.4014" exe="/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf7fd1579 code=0x7ffc0000 [ 960.171342][ T40] audit: type=1326 audit(2000000048.869:1909): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21823 comm="syz.0.4014" exe="/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf7fd1579 code=0x7ffc0000 [ 960.189715][ T40] audit: type=1326 audit(2000000048.869:1910): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21823 comm="syz.0.4014" exe="/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf7fd1579 code=0x7ffc0000 [ 960.199770][T21796] netdevsim netdevsim4 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 960.204730][ T40] audit: type=1326 audit(2000000048.879:1911): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21823 comm="syz.0.4014" exe="/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf7fd1579 code=0x7ffc0000 [ 960.213100][ T40] audit: type=1326 audit(2000000048.879:1912): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21823 comm="syz.0.4014" exe="/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf7fd1579 code=0x7ffc0000 [ 960.249860][T21796] netdevsim netdevsim4 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 960.290569][T21796] netdevsim netdevsim4 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 960.372655][T21796] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 960.381691][T21796] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 960.388047][T21796] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 960.397700][T21796] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 960.423028][T21833] overlayfs: missing 'lowerdir' [ 960.428353][T21796] 8021q: adding VLAN 0 to HW filter on device bond0 [ 960.433919][T21796] 8021q: adding VLAN 0 to HW filter on device team0 [ 960.445302][T12249] bridge0: port 1(bridge_slave_0) entered blocking state [ 960.447736][T12249] bridge0: port 1(bridge_slave_0) entered forwarding state [ 960.452994][T12223] bridge0: port 2(bridge_slave_1) entered blocking state [ 960.455592][T12223] bridge0: port 2(bridge_slave_1) entered forwarding state [ 960.664764][T21796] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 960.777708][T21796] veth0_vlan: entered promiscuous mode [ 960.784311][T21796] veth1_vlan: entered promiscuous mode [ 960.816313][T21796] veth0_macvtap: entered promiscuous mode [ 960.821452][T21796] veth1_macvtap: entered promiscuous mode [ 960.827285][T21848] trusted_key: encrypted_key: insufficient parameters specified [ 960.838338][T21796] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 960.865932][T21796] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 960.878161][T12252] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 960.883692][T12252] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 960.887737][T12252] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 960.895805][T12252] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 960.946116][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 960.958170][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 960.965624][T12229] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 960.970517][T12229] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 961.287990][T20868] Bluetooth: hci2: command tx timeout [ 961.344393][T21859] netlink: 44 bytes leftover after parsing attributes in process `syz.2.4018'. [ 961.397272][T21849] netlink: 3 bytes leftover after parsing attributes in process `syz.3.4017'. [ 961.402265][T21849] batadv0: entered allmulticast mode [ 961.451966][T21861] input: syz1 as /devices/virtual/input/input12 [ 961.525378][T21849] vimc link validate: Scaler:src:640x480 (0x33424752, 8, 0, 0, 0) RGB/YUV Capture:snk:640x480 (0x33424752, 8, 0, 0, 0) [ 961.531413][T21849] IPVS: set_ctl: invalid protocol: 103 172.20.20.187:20002 [ 963.357893][T20868] Bluetooth: hci2: command tx timeout [ 963.771086][T21916] nbd: must specify a device to reconfigure [ 964.484008][T21926] fuse: Bad value for 'fd' [ 964.736272][ T40] audit: type=1326 audit(2000000053.459:1913): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21935 comm="syz.2.4033" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f62579 code=0x7ffc0000 [ 964.747964][ T40] audit: type=1326 audit(2000000053.459:1914): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21935 comm="syz.2.4033" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f62579 code=0x7ffc0000 [ 964.769225][ T40] audit: type=1326 audit(2000000053.479:1915): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21935 comm="syz.2.4033" exe="/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf7f62579 code=0x7ffc0000 [ 964.997912][ T6088] usb 7-1: new high-speed USB device number 49 using dummy_hcd [ 965.014994][T21942] random: crng reseeded on system resumption [ 965.147955][ T6088] usb 7-1: Using ep0 maxpacket: 16 [ 965.152872][ T40] kauditd_printk_skb: 10 callbacks suppressed [ 965.152882][ T40] audit: type=1326 audit(2000000053.879:1926): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21935 comm="syz.2.4033" exe="/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf7f62579 code=0x7ffc0000 [ 965.163476][ T40] audit: type=1326 audit(2000000053.889:1927): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21935 comm="syz.2.4033" exe="/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf7f62579 code=0x7ffc0000 [ 965.184545][ T6088] usb 7-1: unable to get BOS descriptor or descriptor too short [ 965.187401][ T40] audit: type=1326 audit(2000000053.889:1928): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21935 comm="syz.2.4033" exe="/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf7f62579 code=0x7ffc0000 [ 965.191263][ T6088] usb 7-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 965.196243][ T40] audit: type=1326 audit(2000000053.889:1929): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21935 comm="syz.2.4033" exe="/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf7f62579 code=0x7ffc0000 [ 965.207538][ T40] audit: type=1326 audit(2000000053.909:1930): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21935 comm="syz.2.4033" exe="/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf7f62579 code=0x7ffc0000 [ 965.210189][ T6088] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 965.217155][ T40] audit: type=1326 audit(2000000053.909:1931): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21935 comm="syz.2.4033" exe="/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf7f62579 code=0x7ffc0000 [ 965.227390][ T40] audit: type=1326 audit(2000000053.909:1932): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21935 comm="syz.2.4033" exe="/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf7f62579 code=0x7ffc0000 [ 965.236591][ T40] audit: type=1326 audit(2000000053.909:1933): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21935 comm="syz.2.4033" exe="/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf7f62579 code=0x7ffc0000 [ 965.240260][ T6088] usb 7-1: Product: syz [ 965.246617][ T40] audit: type=1326 audit(2000000053.909:1934): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21935 comm="syz.2.4033" exe="/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf7f62579 code=0x7ffc0000 [ 965.253289][ T6088] usb 7-1: Manufacturer: syz [ 965.257866][ T40] audit: type=1326 audit(2000000053.909:1935): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21935 comm="syz.2.4033" exe="/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf7f62579 code=0x7ffc0000 [ 965.260820][ T6088] usb 7-1: SerialNumber: syz [ 965.437900][T20868] Bluetooth: hci2: command tx timeout [ 965.497531][ T6088] cdc_ncm 7-1:1.0: bind() failure [ 965.509286][ T6088] cdc_ncm 7-1:1.1: CDC Union missing and no IAD found [ 965.511604][ T6088] cdc_ncm 7-1:1.1: bind() failure [ 965.527555][ T6088] usb 7-1: USB disconnect, device number 49 [ 965.540000][T21952] FAULT_INJECTION: forcing a failure. [ 965.540000][T21952] name failslab, interval 1, probability 0, space 0, times 0 [ 965.544941][T21952] CPU: 0 UID: 0 PID: 21952 Comm: syz.4.4037 Not tainted 6.17.0-rc2-syzkaller #0 PREEMPT(full) [ 965.544963][T21952] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 965.544975][T21952] Call Trace: [ 965.544981][T21952] [ 965.544988][T21952] dump_stack_lvl+0x16c/0x1f0 [ 965.545012][T21952] should_fail_ex+0x512/0x640 [ 965.545033][T21952] ? tomoyo_encode2+0x100/0x3e0 [ 965.545055][T21952] should_failslab+0xc2/0x120 [ 965.545077][T21952] __kmalloc_noprof+0xd2/0x510 [ 965.545096][T21952] ? d_absolute_path+0x136/0x1a0 [ 965.545119][T21952] tomoyo_encode2+0x100/0x3e0 [ 965.545138][T21952] tomoyo_encode+0x29/0x50 [ 965.545160][T21952] tomoyo_realpath_from_path+0x18f/0x6e0 [ 965.545186][T21952] tomoyo_path_number_perm+0x245/0x580 [ 965.545204][T21952] ? tomoyo_path_number_perm+0x237/0x580 [ 965.545221][T21952] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 965.545244][T21952] ? preempt_count_add+0x76/0x150 [ 965.545273][T21952] ? rcu_is_watching+0x12/0xc0 [ 965.545290][T21952] ? __fget_files+0x204/0x3c0 [ 965.545306][T21952] ? hook_file_ioctl_common+0x145/0x410 [ 965.545329][T21952] ? lock_release+0x201/0x2f0 [ 965.545351][T21952] ? __fget_files+0x20e/0x3c0 [ 965.545369][T21952] security_file_ioctl_compat+0x9b/0x240 [ 965.545391][T21952] __ia32_compat_sys_ioctl+0xc3/0x370 [ 965.545417][T21952] __do_fast_syscall_32+0x7c/0x3a0 [ 965.545438][T21952] do_fast_syscall_32+0x32/0x80 [ 965.545456][T21952] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 965.545475][T21952] RIP: 0023:0xf7fc1579 [ 965.545488][T21952] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 965.545503][T21952] RSP: 002b:00000000f54e655c EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 965.545520][T21952] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000c0045520 [ 965.545531][T21952] RDX: 00000000800000c0 RSI: 0000000000000000 RDI: 0000000000000000 [ 965.545539][T21952] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 965.545546][T21952] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 965.545557][T21952] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 965.545573][T21952] [ 965.545586][T21952] ERROR: Out of memory at tomoyo_realpath_from_path. [ 966.792517][T21988] tmpfs: Bad value for 'mpol' [ 967.504209][T22008] 9pnet_fd: Insufficient options for proto=fd [ 967.517935][T20868] Bluetooth: hci2: command tx timeout [ 967.776230][T22013] netlink: 'syz.0.4052': attribute type 12 has an invalid length. [ 967.779084][T22013] netlink: 32 bytes leftover after parsing attributes in process `syz.0.4052'. [ 968.863816][T22045] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(5) [ 968.865913][T22045] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 968.874949][T22045] vhci_hcd vhci_hcd.0: Device attached [ 969.300624][T22039] random: crng reseeded on system resumption [ 969.337918][ T29] usb 44-1: SetAddress Request (6) to port 0 [ 969.340522][ T29] usb 44-1: new SuperSpeed USB device number 6 using vhci_hcd [ 969.395358][T22052] netlink: 830 bytes leftover after parsing attributes in process `syz.4.4060'. [ 969.487395][T22054] nbd: must specify a device to reconfigure [ 969.544233][T22046] vhci_hcd: connection reset by peer [ 969.547869][T12223] vhci_hcd: stop threads [ 969.549607][T12223] vhci_hcd: release socket [ 969.551996][T12223] vhci_hcd: disconnect device [ 970.671966][T22079] netlink: 'syz.3.4069': attribute type 12 has an invalid length. [ 970.674546][T22079] netlink: 32 bytes leftover after parsing attributes in process `syz.3.4069'. [ 971.134600][T22095] random: crng reseeded on system resumption [ 971.145350][T22095] syzkaller1: entered promiscuous mode [ 971.147333][T22095] syzkaller1: entered allmulticast mode [ 971.153207][T22095] program syz.4.4074 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 972.155709][T12282] Bluetooth: hci3: Frame reassembly failed (-84) [ 972.161269][T22110] Bluetooth: hci3: received HCILL_GO_TO_SLEEP_ACK in state 2 [ 972.415719][T22123] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(5) [ 972.417597][T22123] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 972.420258][T22123] vhci_hcd vhci_hcd.0: Device attached [ 972.708237][ T6104] usb 38-1: SetAddress Request (6) to port 0 [ 972.710084][ T6104] usb 38-1: new SuperSpeed USB device number 6 using vhci_hcd [ 972.796883][T22108] Set syz1 is full, maxelem 65536 reached [ 973.004708][T22124] vhci_hcd: connection reset by peer [ 973.007178][T12282] vhci_hcd: stop threads [ 973.008779][T12282] vhci_hcd: release socket [ 973.010427][T12282] vhci_hcd: disconnect device [ 973.605364][T22146] netlink: 72 bytes leftover after parsing attributes in process `syz.4.4084'. [ 974.157845][T20868] Bluetooth: hci3: Opcode 0x1003 failed: -110 [ 974.397949][ T29] usb 44-1: device descriptor read/8, error -110 [ 974.799122][ T29] usb usb44-port1: attempt power cycle [ 975.277258][T22177] tmpfs: Bad value for 'mpol' [ 975.379801][ T29] usb usb44-port1: unable to enumerate USB device [ 976.166125][T22194] : entered promiscuous mode [ 976.376155][ T40] kauditd_printk_skb: 59 callbacks suppressed [ 976.376165][ T40] audit: type=1326 audit(2000000065.099:1995): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22195 comm="syz.4.4097" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc1579 code=0x7ffc0000 [ 976.385035][ T40] audit: type=1326 audit(2000000065.099:1996): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22195 comm="syz.4.4097" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc1579 code=0x7ffc0000 [ 976.962801][T22199] gtp0: entered promiscuous mode [ 976.973614][T22199] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4098'. [ 977.030157][ C0] IPv4: Oversized IP packet from 172.20.20.24 [ 977.284038][T22213] FAULT_INJECTION: forcing a failure. [ 977.284038][T22213] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 977.303106][T22213] CPU: 0 UID: 0 PID: 22213 Comm: syz.2.4102 Not tainted 6.17.0-rc2-syzkaller #0 PREEMPT(full) [ 977.303146][T22213] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 977.303159][T22213] Call Trace: [ 977.303165][T22213] [ 977.303171][T22213] dump_stack_lvl+0x16c/0x1f0 [ 977.303198][T22213] should_fail_ex+0x512/0x640 [ 977.303225][T22213] strncpy_from_user+0x3b/0x2e0 [ 977.303247][T22213] getname_flags.part.0+0x8f/0x550 [ 977.303275][T22213] getname_flags+0x93/0xf0 [ 977.303293][T22213] do_sys_openat2+0xb8/0x1d0 [ 977.303326][T22213] ? __pfx_do_sys_openat2+0x10/0x10 [ 977.303353][T22213] ? __fget_files+0x20e/0x3c0 [ 977.303375][T22213] __ia32_compat_sys_openat+0x16d/0x210 [ 977.303390][T22213] ? __pfx___ia32_compat_sys_openat+0x10/0x10 [ 977.303404][T22213] ? ksys_write+0x1ac/0x250 [ 977.303424][T22213] ? rcu_is_watching+0x12/0xc0 [ 977.303445][T22213] __do_fast_syscall_32+0x7c/0x3a0 [ 977.303469][T22213] do_fast_syscall_32+0x32/0x80 [ 977.303491][T22213] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 977.303513][T22213] RIP: 0023:0xf7f62579 [ 977.303528][T22213] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 977.303544][T22213] RSP: 002b:00000000f548655c EFLAGS: 00000296 ORIG_RAX: 0000000000000127 [ 977.303562][T22213] RAX: ffffffffffffffda RBX: 00000000ffffff9c RCX: 0000000080000100 [ 977.303574][T22213] RDX: 0000000000004881 RSI: 0000000000000000 RDI: 0000000000000000 [ 977.303584][T22213] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 977.303594][T22213] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 977.303604][T22213] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 977.303622][T22213] [ 977.450311][T22215] õý [ 977.768581][ T6104] usb 38-1: device descriptor read/8, error -110 [ 977.950512][T22224] trusted_key: encrypted_key: insufficient parameters specified [ 978.178732][ T6104] usb usb38-port1: attempt power cycle [ 978.448076][ T6088] usb 9-1: new high-speed USB device number 31 using dummy_hcd [ 978.661183][ T6088] usb 9-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 978.666471][ T6088] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 978.672819][ T6088] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 978.676677][ T6088] usb 9-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 978.689445][ T6088] usb 9-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 978.693629][ T6088] usb 9-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 978.696765][ T6088] usb 9-1: Manufacturer: syz [ 978.756854][ T6088] usb 9-1: config 0 descriptor?? [ 978.829054][ T6104] usb usb38-port1: unable to enumerate USB device [ 979.035136][T22252] lo speed is unknown, defaulting to 1000 [ 979.170212][ T6088] hid_parser_main: 73 callbacks suppressed [ 979.170225][ T6088] appleir 0003:05AC:8243.0005: unknown main item tag 0x0 [ 979.183799][ T6088] appleir 0003:05AC:8243.0005: hiddev0,hidraw1: USB HID v0.00 Device [syz] on usb-dummy_hcd.4-1/input0 [ 979.219128][T22255] lo speed is unknown, defaulting to 1000 [ 979.448247][T22264] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4111'. [ 979.458266][T20868] block nbd0: Receive control failed (result -107) [ 979.507958][T22264] nbd0: detected capacity change from 0 to 32 [ 979.511862][T21850] block nbd0: Dead connection, failed to find a fallback [ 979.514875][T21850] block nbd0: shutting down sockets [ 979.517130][T21850] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 979.521177][T21850] Buffer I/O error on dev nbd0, logical block 0, async page read [ 979.524391][T21850] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 979.528717][T21850] Buffer I/O error on dev nbd0, logical block 0, async page read [ 979.532515][T21850] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 979.536326][T21850] Buffer I/O error on dev nbd0, logical block 0, async page read [ 979.539877][T21850] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 979.544092][T21850] Buffer I/O error on dev nbd0, logical block 0, async page read [ 979.547447][T21850] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 979.551700][T21850] Buffer I/O error on dev nbd0, logical block 0, async page read [ 979.555170][T21850] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 979.559137][T21850] Buffer I/O error on dev nbd0, logical block 0, async page read [ 979.562268][T21850] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 979.565810][T21850] Buffer I/O error on dev nbd0, logical block 0, async page read [ 979.569147][T21850] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 979.572637][T21850] Buffer I/O error on dev nbd0, logical block 0, async page read [ 979.575751][T21850] ldm_validate_partition_table(): Disk read failed. [ 979.578524][T21850] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 979.582076][T21850] Buffer I/O error on dev nbd0, logical block 0, async page read [ 979.585217][T21850] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 979.588820][T21850] Buffer I/O error on dev nbd0, logical block 0, async page read [ 979.592035][T21850] Dev nbd0: unable to read RDB block 0 [ 979.594544][T21850] nbd0: unable to read partition table [ 979.604860][T21850] ldm_validate_partition_table(): Disk read failed. [ 979.607744][T21850] Dev nbd0: unable to read RDB block 0 [ 979.610460][T21850] nbd0: unable to read partition table [ 979.613922][T22270] netlink: 5 bytes leftover after parsing attributes in process `syz.0.4113'. [ 979.617094][T22270] 0ªX¹¦D: renamed from macvtap0 (while UP) [ 979.621039][T22270] 0ªX¹¦D: entered allmulticast mode [ 979.622814][T22270] veth0_macvtap: entered allmulticast mode [ 979.626034][T22270] A link change request failed with some changes committed already. Interface 30ªX¹¦D may have been left with an inconsistent configuration, please check. [ 979.902029][T22284] ldm_validate_partition_table(): Disk read failed. [ 979.905183][T22284] Dev nbd0: unable to read RDB block 0 [ 979.908194][T22284] nbd0: unable to read partition table [ 979.930376][T22284] loop2: detected capacity change from 0 to 7 [ 979.936245][T22284] loop2: [CUMANA/ADFS] p1 [ADFS] p1 [ 979.938018][T22284] loop2: partition table partially beyond EOD, truncated [ 979.940767][T22284] loop2: p1 size 2989602745 extends beyond EOD, truncated [ 980.052937][ T6058] libceph: connect (1)[c::]:6789 error -101 [ 980.055437][ T6058] libceph: mon0 (1)[c::]:6789 connect error [ 980.328109][ T6058] libceph: connect (1)[c::]:6789 error -101 [ 980.330540][ T6058] libceph: mon0 (1)[c::]:6789 connect error [ 980.507971][ T6104] usb 9-1: reset high-speed USB device number 31 using dummy_hcd [ 980.729223][T22282] ceph: No mds server is up or the cluster is laggy [ 980.775739][T12238] Bluetooth: (null): Invalid header checksum [ 980.777721][T12238] Bluetooth: (null): Invalid header checksum [ 980.817501][T22298] PF_CAN: dropped non conform CAN skbuff: dev type 65534, len 63 [ 980.889127][T12223] Bluetooth: (null): Invalid header checksum [ 981.008118][T12238] Bluetooth: (null): Invalid header checksum [ 981.037206][T22321] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4128'. [ 981.125572][T12238] Bluetooth: (null): Invalid header checksum [ 981.148557][T22331] IPVS: set_ctl: invalid protocol: 41 224.0.0.2:20002 [ 981.228087][T12238] Bluetooth: (null): Invalid header checksum [ 981.296078][T22333] Set syz1 is full, maxelem 65536 reached [ 981.338312][ T13] Bluetooth: (null): Invalid header checksum [ 981.458132][T12229] Bluetooth: (null): Invalid header checksum [ 981.568178][T12252] Bluetooth: (null): Invalid header checksum [ 981.613566][T22127] usb 9-1: USB disconnect, device number 31 [ 981.688011][T12252] Bluetooth: (null): Invalid header checksum [ 981.707633][T22350] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4140'. [ 981.711937][T22350] hsr_slave_0: left promiscuous mode [ 981.715429][T22350] hsr_slave_1: left promiscuous mode [ 981.808039][T12252] Bluetooth: (null): Invalid header checksum [ 981.883438][ T40] audit: type=1326 audit(2000000070.609:1997): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22361 comm="syz.3.4145" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fa1579 code=0x7ffc0000 [ 981.890245][ T40] audit: type=1326 audit(2000000070.619:1998): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22361 comm="syz.3.4145" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fa1579 code=0x7ffc0000 [ 981.897004][ T40] audit: type=1326 audit(2000000070.619:1999): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22361 comm="syz.3.4145" exe="/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf7fa1579 code=0x7ffc0000 [ 981.903903][ T40] audit: type=1326 audit(2000000070.619:2000): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22361 comm="syz.3.4145" exe="/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf7fa1579 code=0x7ffc0000 [ 981.910687][ T40] audit: type=1326 audit(2000000070.619:2001): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22361 comm="syz.3.4145" exe="/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf7fa1579 code=0x7ffc0000 [ 981.917653][ T40] audit: type=1326 audit(2000000070.619:2002): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22361 comm="syz.3.4145" exe="/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf7fa1579 code=0x7ffc0000 [ 981.924868][T12229] Bluetooth: (null): Invalid header checksum [ 981.925109][ T40] audit: type=1326 audit(2000000070.619:2003): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22361 comm="syz.3.4145" exe="/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf7fa1579 code=0x7ffc0000 [ 981.984518][T22357] Set syz1 is full, maxelem 65536 reached [ 982.027926][T12223] Bluetooth: (null): Invalid header checksum [ 982.148321][ T13] Bluetooth: (null): Invalid header checksum [ 982.258139][T12223] Bluetooth: (null): Invalid header checksum [ 982.368097][T12229] Bluetooth: (null): Invalid header checksum [ 982.478746][T12252] Bluetooth: (null): Invalid header checksum [ 982.598273][T12229] Bluetooth: (null): Invalid header checksum [ 982.639756][T22377] FAULT_INJECTION: forcing a failure. [ 982.639756][T22377] name failslab, interval 1, probability 0, space 0, times 0 [ 982.643910][T22377] CPU: 0 UID: 0 PID: 22377 Comm: syz.2.4150 Not tainted 6.17.0-rc2-syzkaller #0 PREEMPT(full) [ 982.643926][T22377] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 982.643934][T22377] Call Trace: [ 982.643939][T22377] [ 982.643944][T22377] dump_stack_lvl+0x16c/0x1f0 [ 982.643963][T22377] should_fail_ex+0x512/0x640 [ 982.643981][T22377] should_failslab+0xc2/0x120 [ 982.643997][T22377] kmem_cache_alloc_node_noprof+0x71/0x3b0 [ 982.644011][T22377] ? __alloc_skb+0x2b2/0x380 [ 982.644040][T22377] __alloc_skb+0x2b2/0x380 [ 982.644053][T22377] ? __pfx___alloc_skb+0x10/0x10 [ 982.644067][T22377] ? __pfx_netlink_autobind.isra.0+0x10/0x10 [ 982.644084][T22377] netlink_alloc_large_skb+0x69/0x130 [ 982.644100][T22377] netlink_sendmsg+0x6a1/0xdd0 [ 982.644116][T22377] ? __pfx_netlink_sendmsg+0x10/0x10 [ 982.644132][T22377] ? aa_sock_msg_perm.constprop.0+0x100/0x1d0 [ 982.644145][T22377] ____sys_sendmsg+0xa95/0xc70 [ 982.644163][T22377] ? __pfx_____sys_sendmsg+0x10/0x10 [ 982.644181][T22377] ? get_compat_msghdr+0x11a/0x170 [ 982.644196][T22377] ? kstrtouint_from_user+0x13c/0x1d0 [ 982.644215][T22377] ___sys_sendmsg+0x134/0x1d0 [ 982.644229][T22377] ? get_pid_task+0xfc/0x250 [ 982.644244][T22377] ? __pfx____sys_sendmsg+0x10/0x10 [ 982.644261][T22377] ? rcu_is_watching+0x12/0xc0 [ 982.644278][T22377] __sys_sendmsg+0x16d/0x220 [ 982.644292][T22377] ? __pfx___sys_sendmsg+0x10/0x10 [ 982.644310][T22377] ? rcu_is_watching+0x12/0xc0 [ 982.644321][T22377] __do_fast_syscall_32+0x7c/0x3a0 [ 982.644338][T22377] do_fast_syscall_32+0x32/0x80 [ 982.644352][T22377] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 982.644367][T22377] RIP: 0023:0xf7f62579 [ 982.644375][T22377] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 982.644387][T22377] RSP: 002b:00000000f548655c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 982.644398][T22377] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000080000240 [ 982.644405][T22377] RDX: 0000000000040800 RSI: 0000000000000000 RDI: 0000000000000000 [ 982.644412][T22377] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 982.644418][T22377] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 982.644425][T22377] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 982.644435][T22377] [ 982.723622][T12252] Bluetooth: (null): Invalid header checksum [ 982.839087][T12229] Bluetooth: (null): Invalid header checksum [ 982.948435][T12223] Bluetooth: (null): Invalid header checksum [ 982.992183][ T40] audit: type=1326 audit(2000000071.719:2004): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22392 comm="syz.4.4156" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc1579 code=0x7ffc0000 [ 983.002050][ T40] audit: type=1326 audit(2000000071.729:2005): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22392 comm="syz.4.4156" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc1579 code=0x7ffc0000 [ 983.011861][ T40] audit: type=1326 audit(2000000071.729:2006): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22392 comm="syz.4.4156" exe="/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf7fc1579 code=0x7ffc0000 [ 983.026707][T22391] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 983.032191][ T6088] lo speed is unknown, defaulting to 1000 [ 983.058675][T12229] Bluetooth: (null): Invalid header checksum [ 983.169057][ T13] Bluetooth: (null): Invalid header checksum [ 983.247903][ T5972] usb 9-1: new high-speed USB device number 32 using dummy_hcd [ 983.278114][ T13] Bluetooth: (null): Invalid header checksum [ 983.397985][ T5972] usb 9-1: Using ep0 maxpacket: 16 [ 983.400469][T12229] Bluetooth: (null): Invalid header checksum [ 983.403407][ T5972] usb 9-1: unable to get BOS descriptor or descriptor too short [ 983.411049][ T5972] usb 9-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 983.414832][ T5972] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 983.418362][ T5972] usb 9-1: Product: syz [ 983.420159][ T5972] usb 9-1: Manufacturer: syz [ 983.422187][ T5972] usb 9-1: SerialNumber: syz [ 983.508530][T12252] Bluetooth: (null): Invalid header checksum [ 983.652448][ T5972] cdc_ncm 9-1:1.0: bind() failure [ 983.655501][ T5972] cdc_ncm 9-1:1.1: CDC Union missing and no IAD found [ 983.661950][ T5972] cdc_ncm 9-1:1.1: bind() failure [ 983.664795][ T5972] usb 9-1: USB disconnect, device number 32 [ 983.888558][T22396] tmpfs: Bad value for 'mpol' [ 985.516944][T22431] netlink: 'syz.0.4169': attribute type 12 has an invalid length. [ 985.520477][T22431] netlink: 32 bytes leftover after parsing attributes in process `syz.0.4169'. [ 985.626213][T22437] netlink: 'syz.0.4171': attribute type 12 has an invalid length. [ 985.628963][T22437] netlink: 32 bytes leftover after parsing attributes in process `syz.0.4171'. [ 985.687863][ T6058] usb 9-1: new high-speed USB device number 33 using dummy_hcd [ 985.839254][ T6058] usb 9-1: Using ep0 maxpacket: 32 [ 985.843078][ T6058] usb 9-1: config index 0 descriptor too short (expected 29220, got 36) [ 985.846516][ T6058] usb 9-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 985.850387][ T6058] usb 9-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 985.854079][ T6058] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 985.858011][ T6058] usb 9-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 985.861726][ T6058] usb 9-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 985.866873][ T6058] usb 9-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 985.871011][ T6058] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 985.875407][ T6058] usb 9-1: config 0 descriptor?? [ 986.105185][T22429] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 986.108723][T22429] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 986.113315][ T6058] usblp 9-1:0.0: usblp0: USB Bidirectional printer dev 33 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17 [ 986.119957][ T6058] usb 9-1: USB disconnect, device number 33 [ 986.122849][ T6058] usblp0: removed [ 986.187001][T22461] netlink: 24 bytes leftover after parsing attributes in process `syz.2.4176'. [ 986.559065][ T68] usb 9-1: new high-speed USB device number 34 using dummy_hcd [ 986.707874][ T68] usb 9-1: Using ep0 maxpacket: 32 [ 986.711531][ T68] usb 9-1: config index 0 descriptor too short (expected 29220, got 36) [ 986.715186][ T68] usb 9-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 986.718866][ T68] usb 9-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 986.721760][ T68] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 986.724717][ T68] usb 9-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 986.727560][ T68] usb 9-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 986.733081][ T68] usb 9-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 986.736852][ T68] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 986.740256][ T68] usb 9-1: config 0 descriptor?? [ 987.075249][T22477] binder: 22475:22477 ioctl c018937d 80000040 returned -22 [ 987.146040][ T68] usblp 9-1:0.0: usblp0: USB Bidirectional printer dev 34 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17 [ 987.346215][ T68] usb 9-1: USB disconnect, device number 34 [ 987.369610][ T68] usblp0: removed [ 988.399403][T22505] fuse: Bad value for 'user_id' [ 988.403042][T22505] fuse: Bad value for 'user_id' [ 988.810822][T22509] lo speed is unknown, defaulting to 1000 [ 989.562829][T22531] tmpfs: Bad value for 'mpol' [ 990.351030][ T40] kauditd_printk_skb: 77 callbacks suppressed [ 990.351041][ T40] audit: type=1326 audit(2000000079.079:2084): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22546 comm="syz.2.4197" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f62579 code=0x7ffc0000 [ 990.360084][ T40] audit: type=1326 audit(2000000079.079:2085): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22546 comm="syz.2.4197" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f62579 code=0x7ffc0000 [ 990.368296][ T40] audit: type=1326 audit(2000000079.079:2086): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22546 comm="syz.2.4197" exe="/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf7f62579 code=0x7ffc0000 [ 990.375026][ T40] audit: type=1326 audit(2000000079.079:2087): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22546 comm="syz.2.4197" exe="/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf7f62579 code=0x7ffc0000 [ 990.382877][ T40] audit: type=1326 audit(2000000079.079:2088): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22546 comm="syz.2.4197" exe="/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf7f62579 code=0x7ffc0000 [ 990.389909][ T40] audit: type=1326 audit(2000000079.079:2089): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22546 comm="syz.2.4197" exe="/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf7f62579 code=0x7ffc0000 [ 990.396587][ T40] audit: type=1326 audit(2000000079.079:2090): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22546 comm="syz.2.4197" exe="/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf7f62579 code=0x7ffc0000 [ 990.458583][ T40] audit: type=1326 audit(2000000079.189:2091): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22546 comm="syz.2.4197" exe="/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf7f62579 code=0x7ffc0000 [ 990.528116][ T40] audit: type=1326 audit(2000000079.259:2092): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22546 comm="syz.2.4197" exe="/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf7f62579 code=0x7ffc0000 [ 990.537647][T22556] tmpfs: Bad value for 'mpol' [ 990.587946][ T9509] usb 7-1: new high-speed USB device number 50 using dummy_hcd [ 990.591017][ T40] audit: type=1326 audit(2000000079.319:2093): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22546 comm="syz.2.4197" exe="/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf7f62579 code=0x7ffc0000 [ 990.747877][ T9509] usb 7-1: Using ep0 maxpacket: 16 [ 990.751289][ T9509] usb 7-1: unable to get BOS descriptor or descriptor too short [ 990.755774][ T9509] usb 7-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 990.758862][ T9509] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 990.761577][ T9509] usb 7-1: Product: syz [ 990.763451][ T9509] usb 7-1: Manufacturer: syz [ 990.765154][ T9509] usb 7-1: SerialNumber: syz [ 991.024837][ T9509] cdc_ncm 7-1:1.0: bind() failure [ 991.028182][ T9509] cdc_ncm 7-1:1.1: CDC Union missing and no IAD found [ 991.030527][ T9509] cdc_ncm 7-1:1.1: bind() failure [ 991.034119][ T9509] usb 7-1: USB disconnect, device number 50 [ 991.171405][T22559] tmpfs: Bad value for 'mpol' [ 991.474313][T22563] netdevsim netdevsim0: Direct firmware load for @ failed with error -2 [ 991.478403][T22563] netdevsim netdevsim0: Falling back to sysfs fallback for: @ [ 991.661791][T22568] netlink: 830 bytes leftover after parsing attributes in process `syz.4.4204'. [ 992.104382][T22580] netlink: 32 bytes leftover after parsing attributes in process `syz.4.4208'. [ 992.322329][T22595] input: syz1 as /devices/virtual/input/input13 [ 992.561167][ T1419] ieee802154 phy0 wpan0: encryption failed: -22 [ 992.563578][ T1419] ieee802154 phy1 wpan1: encryption failed: -22 [ 993.367944][T22607] netlink: 32 bytes leftover after parsing attributes in process `syz.3.4218'. [ 993.762390][T22614] netdevsim netdevsim4: Direct firmware load for @ failed with error -2 [ 993.765236][T22614] netdevsim netdevsim4: Falling back to sysfs fallback for: @ [ 995.400085][T22645] netlink: 32 bytes leftover after parsing attributes in process `syz.3.4229'. [ 996.444447][T22681] lo speed is unknown, defaulting to 1000 [ 996.540718][T22688] tmpfs: Bad value for 'mpol' [ 997.278043][ T9509] usb 9-1: new high-speed USB device number 35 using dummy_hcd [ 997.439176][ T9509] usb 9-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0 [ 997.442111][ T9509] usb 9-1: config 0 interface 0 has no altsetting 0 [ 997.446080][ T9509] usb 9-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 997.449083][ T9509] usb 9-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 997.451804][ T9509] usb 9-1: Product: syz [ 997.453142][ T9509] usb 9-1: Manufacturer: syz [ 997.454635][ T9509] usb 9-1: SerialNumber: syz [ 997.456996][ T9509] usb 9-1: config 0 descriptor?? [ 997.468570][ T9509] usb 9-1: selecting invalid altsetting 0 [ 997.709086][ T9509] usb 9-1: USB disconnect, device number 35 [ 997.715345][T22703] netlink: 32 bytes leftover after parsing attributes in process `syz.3.4246'. [ 997.944043][T22709] lo speed is unknown, defaulting to 1000 [ 998.075250][T22718] Bluetooth: hci3: received HCILL_GO_TO_SLEEP_ACK in state 2 [ 999.618944][T22729] tmpfs: Bad value for 'mpol' [ 999.915785][T22732] lo speed is unknown, defaulting to 1000 [ 1000.077850][T20868] Bluetooth: hci3: Opcode 0x1003 failed: -110 [ 1000.077891][ T63] Bluetooth: hci3: command 0x1003 tx timeout [ 1011.882598][T22764] lo speed is unknown, defaulting to 1000 [ 1011.959399][T22775] tmpfs: Bad value for 'mpol' [ 1012.288111][T22783] lo speed is unknown, defaulting to 1000 [ 1012.625052][T22787] netdevsim netdevsim4: Direct firmware load for @ failed with error -2 [ 1012.627729][T22787] netdevsim netdevsim4: Falling back to sysfs fallback for: @ [ 1012.757996][T22791] tmpfs: Bad value for 'mpol' [ 1013.414323][T22799] lo speed is unknown, defaulting to 1000 [ 1018.299201][T22824] netlink: 72 bytes leftover after parsing attributes in process `syz.2.4274'. [ 1025.468939][ T40] kauditd_printk_skb: 63 callbacks suppressed [ 1025.468956][ T40] audit: type=1326 audit(2000000114.199:2157): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22831 comm="syz.3.4276" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fa1579 code=0x7ffc0000 [ 1025.488571][ T40] audit: type=1326 audit(2000000114.199:2158): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22831 comm="syz.3.4276" exe="/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf7fa1579 code=0x7ffc0000 [ 1025.498208][ T40] audit: type=1326 audit(2000000114.199:2159): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22831 comm="syz.3.4276" exe="/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf7fa1579 code=0x7ffc0000 [ 1025.507251][ T40] audit: type=1326 audit(2000000114.199:2160): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22831 comm="syz.3.4276" exe="/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf7fa1579 code=0x7ffc0000 [ 1025.515226][ T40] audit: type=1326 audit(2000000114.199:2161): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22831 comm="syz.3.4276" exe="/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf7fa1579 code=0x7ffc0000 [ 1025.521848][ T40] audit: type=1326 audit(2000000114.199:2162): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22831 comm="syz.3.4276" exe="/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf7fa1579 code=0x7ffc0000 [ 1026.848229][T22846] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(15) [ 1026.851049][T22846] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 1026.854424][T22846] vhci_hcd vhci_hcd.0: Device attached [ 1027.168105][T22127] usb 45-1: new high-speed USB device number 23 using vhci_hcd [ 1027.646263][T22847] vhci_hcd: connection reset by peer [ 1027.648602][T12223] vhci_hcd: stop threads [ 1027.650045][T12223] vhci_hcd: release socket [ 1027.651787][T12223] vhci_hcd: disconnect device [ 1028.172074][T22860] tmpfs: Bad value for 'mpol' [ 1028.456460][T22864] lo speed is unknown, defaulting to 1000 [ 1028.779506][T22870] tmpfs: Bad value for 'mpol' [ 1029.256457][T22877] netlink: 28 bytes leftover after parsing attributes in process `syz.2.4286'. [ 1029.261166][T22877] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4286'. [ 1030.885174][T22910] tmpfs: Bad value for 'mpol' [ 1031.215318][T22914] overlayfs: option "workdir=./file0" is useless in a non-upper mount, ignore [ 1031.218623][T22914] overlayfs: missing 'lowerdir' [ 1031.377925][ T40] audit: type=1326 audit(2000000120.099:2163): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22911 comm="syz.2.4293" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f62579 code=0x7fc00000 [ 1031.441298][T22916] syz_tun: entered allmulticast mode [ 1031.928352][T22911] syz_tun: left allmulticast mode [ 1031.930444][ T40] audit: type=1326 audit(2000000120.659:2164): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22911 comm="syz.2.4293" exe="/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf7f62579 code=0x7fc00000 [ 1032.327941][T22127] vhci_hcd: vhci_device speed not set [ 1033.713268][T22940] lo speed is unknown, defaulting to 1000 [ 1034.298023][T22952] lo speed is unknown, defaulting to 1000 [ 1034.306673][T22952] lo speed is unknown, defaulting to 1000 [ 1034.315229][T22952] lo speed is unknown, defaulting to 1000 [ 1034.331498][T22952] iwpm_register_pid: Unable to send a nlmsg (client = 2) [ 1034.400214][T22952] infiniband syz0: RDMA CMA: cma_listen_on_dev, error -98 [ 1034.469045][T22952] lo speed is unknown, defaulting to 1000 [ 1034.471993][T22952] lo speed is unknown, defaulting to 1000 [ 1034.474597][T22952] lo speed is unknown, defaulting to 1000 [ 1034.477187][T22952] lo speed is unknown, defaulting to 1000 [ 1034.503416][T22952] lo speed is unknown, defaulting to 1000 [ 1034.506561][T22952] lo speed is unknown, defaulting to 1000 [ 1035.484521][T22969] overlayfs: conflicting lowerdir path [ 1036.025687][ T40] audit: type=1326 audit(2000000124.749:2165): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22977 comm="syz.3.4308" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fa1579 code=0x7fc00000 [ 1036.058320][T22982] netlink: 24 bytes leftover after parsing attributes in process `syz.3.4308'. [ 1036.688417][ T40] audit: type=1326 audit(2000000125.419:2166): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22977 comm="syz.3.4308" exe="/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf7fa1579 code=0x7fc00000 [ 1038.686284][ T40] audit: type=1326 audit(2000000127.409:2167): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23012 comm="syz.0.4316" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fd1579 code=0x7ffc0000 [ 1038.694887][ T40] audit: type=1326 audit(2000000127.409:2168): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23012 comm="syz.0.4316" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fd1579 code=0x7ffc0000 [ 1038.703022][ T40] audit: type=1326 audit(2000000127.419:2169): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23012 comm="syz.0.4316" exe="/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf7fd1579 code=0x7ffc0000 [ 1038.712827][ T40] audit: type=1326 audit(2000000127.419:2170): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23012 comm="syz.0.4316" exe="/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf7fd1579 code=0x7ffc0000 [ 1038.720282][ T40] audit: type=1326 audit(2000000127.419:2171): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23012 comm="syz.0.4316" exe="/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf7fd1579 code=0x7ffc0000 [ 1038.727577][ T40] audit: type=1326 audit(2000000127.419:2172): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23012 comm="syz.0.4316" exe="/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf7fd1579 code=0x7ffc0000 [ 1038.738386][ T40] audit: type=1326 audit(2000000127.419:2173): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23012 comm="syz.0.4316" exe="/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf7fd1579 code=0x7ffc0000 [ 1050.260883][T23044] tmpfs: Bad value for 'mpol' [ 1050.378900][T23033] lo speed is unknown, defaulting to 1000 [ 1050.474476][T23033] lo speed is unknown, defaulting to 1000 [ 1050.945052][T23057] tmpfs: Bad value for 'mpol' [ 1053.152946][T23082] lo speed is unknown, defaulting to 1000 [ 1053.237409][T23085] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4333'. [ 1053.569155][T23091] QAT: Invalid ioctl 21531 [ 1053.736207][T23082] lo speed is unknown, defaulting to 1000 [ 1054.000182][ T1419] ieee802154 phy0 wpan0: encryption failed: -22 [ 1054.002948][ T1419] ieee802154 phy1 wpan1: encryption failed: -22 [ 1054.312188][T23096] Invalid source name [ 1054.911358][T23107] netlink: 36 bytes leftover after parsing attributes in process `syz.0.4338'. [ 1055.367621][T23111] team_slave_0: entered promiscuous mode [ 1055.369892][T23111] team_slave_1: entered promiscuous mode [ 1055.372863][T23111] 8021q: adding VLAN 0 to HW filter on device macvtap1 [ 1055.375275][T23111] team0: Device macvtap1 is already an upper device of the team interface [ 1055.467957][T23111] team_slave_0: left promiscuous mode [ 1055.469951][T23111] team_slave_1: left promiscuous mode [ 1057.151968][T23132] tmpfs: Bad value for 'mpol' [ 1057.348271][ T6307] usb 7-1: new high-speed USB device number 51 using dummy_hcd [ 1057.519033][ T6307] usb 7-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0 [ 1057.523348][ T6307] usb 7-1: config 0 interface 0 has no altsetting 0 [ 1057.529985][ T6307] usb 7-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 1057.533778][ T6307] usb 7-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 1057.537248][ T6307] usb 7-1: Product: syz [ 1057.549201][ T6307] usb 7-1: Manufacturer: syz [ 1057.551488][ T6307] usb 7-1: SerialNumber: syz [ 1057.559119][ T6307] usb 7-1: config 0 descriptor?? [ 1057.564919][ T6307] usb 7-1: selecting invalid altsetting 0 [ 1057.723745][T23142] tmpfs: Bad value for 'mpol' [ 1057.804067][T23147] lo speed is unknown, defaulting to 1000 [ 1057.819930][ T68] usb 7-1: USB disconnect, device number 51 [ 1057.992885][T23147] lo speed is unknown, defaulting to 1000 [ 1060.043455][T23177] MTD: Attempt to mount non-MTD device "/dev/nbd2" [ 1060.046664][T23177] cramfs: wrong magic [ 1060.647676][T23188] lo speed is unknown, defaulting to 1000 [ 1060.742350][T23188] lo speed is unknown, defaulting to 1000 [ 1061.210318][T23194] netlink: 68 bytes leftover after parsing attributes in process `syz.4.4359'. [ 1061.329615][T23192] siw: device registration error -23 [ 1061.435617][T23203] tmpfs: Bad value for 'mpol' [ 1061.911356][T23203] Set syz1 is full, maxelem 65536 reached [ 1062.227720][T20868] Bluetooth: hci1: Unknown advertising packet type: 0x7f [ 1062.227739][T20868] Bluetooth: hci1: adv larger than maximum supported [ 1062.239207][T20868] Bluetooth: hci1: Malformed LE Event: 0x0d [ 1062.422545][T23212] netlink: 92 bytes leftover after parsing attributes in process `syz.3.4364'. [ 1063.278426][T23227] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4369'. [ 1063.285098][T23227] FAULT_INJECTION: forcing a failure. [ 1063.285098][T23227] name failslab, interval 1, probability 0, space 0, times 0 [ 1063.290319][T23227] CPU: 3 UID: 0 PID: 23227 Comm: syz.2.4369 Not tainted 6.17.0-rc2-syzkaller #0 PREEMPT(full) [ 1063.290343][T23227] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 1063.290354][T23227] Call Trace: [ 1063.290360][T23227] [ 1063.290366][T23227] dump_stack_lvl+0x16c/0x1f0 [ 1063.290393][T23227] should_fail_ex+0x512/0x640 [ 1063.290419][T23227] should_failslab+0xc2/0x120 [ 1063.290442][T23227] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 1063.290463][T23227] ? dst_alloc+0x99/0x1a0 [ 1063.290483][T23227] dst_alloc+0x99/0x1a0 [ 1063.290501][T23227] rt_dst_alloc+0x35/0x3a0 [ 1063.290525][T23227] ip_route_output_key_hash_rcu+0x880/0x28c0 [ 1063.290546][T23227] ip_route_output_key_hash+0x137/0x2e0 [ 1063.290563][T23227] ? __pfx_ip_route_output_key_hash+0x10/0x10 [ 1063.290580][T23227] ? rcu_is_watching+0x12/0xc0 [ 1063.290598][T23227] ? rcu_watching_snap_stopped_since+0x61/0x110 [ 1063.290620][T23227] ip_route_output_flow+0x27/0x150 [ 1063.290637][T23227] udp_sendmsg+0x1af9/0x2870 [ 1063.290662][T23227] ? __pfx_ip_generic_getfrag+0x10/0x10 [ 1063.290686][T23227] ? __pfx_udp_sendmsg+0x10/0x10 [ 1063.290712][T23227] ? rcu_is_watching+0x12/0xc0 [ 1063.290727][T23227] ? trace_mm_page_alloc+0x11f/0x1a0 [ 1063.290757][T23227] ? aa_sk_perm+0x2f4/0xb10 [ 1063.290789][T23227] ? __pfx_udp_sendmsg+0x10/0x10 [ 1063.290812][T23227] inet_sendmsg+0x105/0x140 [ 1063.290828][T23227] ____sys_sendmsg+0x973/0xc70 [ 1063.290856][T23227] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1063.290880][T23227] ? get_compat_msghdr+0x11a/0x170 [ 1063.290902][T23227] ? __pfx__kstrtoull+0x10/0x10 [ 1063.290924][T23227] ___sys_sendmsg+0x134/0x1d0 [ 1063.290945][T23227] ? __pfx____sys_sendmsg+0x10/0x10 [ 1063.290984][T23227] ? __pfx_kstrtouint+0x10/0x10 [ 1063.291008][T23227] ? rcu_is_watching+0x12/0xc0 [ 1063.291030][T23227] ? __pfx___might_resched+0x10/0x10 [ 1063.291050][T23227] __sys_sendmmsg+0x2f9/0x420 [ 1063.291071][T23227] ? __pfx___sys_sendmmsg+0x10/0x10 [ 1063.291091][T23227] ? lock_release+0x201/0x2f0 [ 1063.291117][T23227] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 1063.291145][T23227] ? fput+0x9b/0xd0 [ 1063.291170][T23227] ? ksys_write+0x1ac/0x250 [ 1063.291189][T23227] ? __pfx_ksys_write+0x10/0x10 [ 1063.291211][T23227] __ia32_compat_sys_sendmmsg+0x9d/0x100 [ 1063.291233][T23227] ? syscall_enter_from_user_mode_prepare+0x68/0xe0 [ 1063.291257][T23227] __do_fast_syscall_32+0x7c/0x3a0 [ 1063.291281][T23227] do_fast_syscall_32+0x32/0x80 [ 1063.291303][T23227] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1063.291326][T23227] RIP: 0023:0xf7f62579 [ 1063.291339][T23227] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 1063.291357][T23227] RSP: 002b:00000000f546555c EFLAGS: 00000296 ORIG_RAX: 0000000000000159 [ 1063.291374][T23227] RAX: ffffffffffffffda RBX: 0000000000000008 RCX: 0000000080004d00 [ 1063.291386][T23227] RDX: 0000000000000300 RSI: 0000000000000f00 RDI: 0000000000000000 [ 1063.291396][T23227] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 1063.291407][T23227] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 1063.291417][T23227] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1063.291435][T23227] [ 1063.657627][T23239] lo speed is unknown, defaulting to 1000 [ 1063.788370][T23239] lo speed is unknown, defaulting to 1000 [ 1063.789440][T23240] lo speed is unknown, defaulting to 1000 [ 1063.872091][T23244] tmpfs: Bad value for 'mpol' [ 1063.885686][T23240] lo speed is unknown, defaulting to 1000 [ 1064.253075][T23252] netlink: 48 bytes leftover after parsing attributes in process `syz.4.4375'. [ 1064.507518][T23256] lo speed is unknown, defaulting to 1000 [ 1064.560369][T23256] lo speed is unknown, defaulting to 1000 [ 1065.297382][T23272] binder: 23271:23272 ioctl c0306201 0 returned -14 [ 1065.412713][T23279] netlink: 'syz.3.4382': attribute type 10 has an invalid length. [ 1065.419703][T23279] bond0: (slave team0): Enslaving as an active interface with an up link [ 1065.492465][T23279] netlink: 16 bytes leftover after parsing attributes in process `syz.3.4382'. [ 1066.155678][T23284] FAULT_INJECTION: forcing a failure. [ 1066.155678][T23284] name failslab, interval 1, probability 0, space 0, times 0 [ 1066.161510][T23284] CPU: 3 UID: 0 PID: 23284 Comm: syz.0.4386 Not tainted 6.17.0-rc2-syzkaller #0 PREEMPT(full) [ 1066.161537][T23284] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 1066.161549][T23284] Call Trace: [ 1066.161555][T23284] [ 1066.161563][T23284] dump_stack_lvl+0x16c/0x1f0 [ 1066.161590][T23284] should_fail_ex+0x512/0x640 [ 1066.161617][T23284] should_failslab+0xc2/0x120 [ 1066.161640][T23284] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 1066.161661][T23284] ? vm_area_dup+0x27/0x8d0 [ 1066.161680][T23284] vm_area_dup+0x27/0x8d0 [ 1066.161697][T23284] __split_vma+0x18e/0x1070 [ 1066.161715][T23284] ? lock_release+0x201/0x2f0 [ 1066.161737][T23284] ? bpf_ksym_find+0x124/0x1c0 [ 1066.161754][T23284] ? __pfx___split_vma+0x10/0x10 [ 1066.161771][T23284] ? is_bpf_text_address+0x94/0x1a0 [ 1066.161799][T23284] vma_modify+0x16dc/0x2030 [ 1066.161820][T23284] ? mas_ascend+0x4f6/0x900 [ 1066.161840][T23284] ? __pfx_vma_modify+0x10/0x10 [ 1066.161858][T23284] ? __pfx__kstrtoull+0x10/0x10 [ 1066.161879][T23284] ? mas_ascend+0x4f6/0x900 [ 1066.161900][T23284] vma_modify_flags+0x212/0x2d0 [ 1066.161920][T23284] ? __pfx_vma_modify_flags+0x10/0x10 [ 1066.161938][T23284] ? mas_next_node+0x7e0/0xf50 [ 1066.161962][T23284] ? mas_prev_setup.constprop.0+0xb6/0x9d0 [ 1066.161990][T23284] mlock_fixup+0x27c/0xe50 [ 1066.162010][T23284] ? mas_find+0x156/0x6d0 [ 1066.162033][T23284] apply_vma_lock_flags+0x261/0x390 [ 1066.162053][T23284] ? __pfx_apply_vma_lock_flags+0x10/0x10 [ 1066.162072][T23284] ? __pfx___might_resched+0x10/0x10 [ 1066.162093][T23284] ? __pfx_down_write_killable+0x10/0x10 [ 1066.162119][T23284] ? __mutex_unlock_slowpath+0x161/0x7b0 [ 1066.162143][T23284] do_mlock+0x2ac/0x810 [ 1066.162163][T23284] ? __pfx_do_mlock+0x10/0x10 [ 1066.162182][T23284] ? fput+0x9b/0xd0 [ 1066.162205][T23284] ? ksys_write+0x1ac/0x250 [ 1066.162251][T23284] ? __pfx_ksys_write+0x10/0x10 [ 1066.162272][T23284] __ia32_sys_mlock2+0xbd/0x100 [ 1066.162293][T23284] __do_fast_syscall_32+0x7c/0x3a0 [ 1066.162317][T23284] do_fast_syscall_32+0x32/0x80 [ 1066.162339][T23284] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1066.162361][T23284] RIP: 0023:0xf7fd1579 [ 1066.162374][T23284] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 1066.162391][T23284] RSP: 002b:00000000f54f655c EFLAGS: 00000296 ORIG_RAX: 0000000000000178 [ 1066.162410][T23284] RAX: ffffffffffffffda RBX: 0000000080ff5000 RCX: 0000000000009000 [ 1066.162421][T23284] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 1066.162432][T23284] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 1066.162448][T23284] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 1066.162459][T23284] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1066.162476][T23284] [ 1066.469983][ T63] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 1066.472543][ T63] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 1066.474930][ T63] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 1066.477588][ T63] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 1066.480292][ T63] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 1066.491367][T23294] lo speed is unknown, defaulting to 1000 [ 1066.523838][T23294] lo speed is unknown, defaulting to 1000 [ 1066.576056][T23294] chnl_net:caif_netlink_parms(): no params data found [ 1066.801664][T23294] bridge0: port 1(bridge_slave_0) entered blocking state [ 1066.804034][T23294] bridge0: port 1(bridge_slave_0) entered disabled state [ 1066.806409][T23294] bridge_slave_0: entered allmulticast mode [ 1066.808810][T23294] bridge_slave_0: entered promiscuous mode [ 1066.811623][T23294] bridge0: port 2(bridge_slave_1) entered blocking state [ 1066.813918][T23294] bridge0: port 2(bridge_slave_1) entered disabled state [ 1066.816341][T23294] bridge_slave_1: entered allmulticast mode [ 1066.818724][T23294] bridge_slave_1: entered promiscuous mode [ 1066.940070][T23294] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1066.944752][T23294] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1067.099571][T23294] team0: Port device team_slave_0 added [ 1067.102547][T23294] team0: Port device team_slave_1 added [ 1067.276624][T23311] netlink: 4 bytes leftover after parsing attributes in process `syz.4.4394'. [ 1067.460058][T23294] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1067.463081][T23294] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1067.473234][T23294] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1067.478761][T23294] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1067.481604][T23294] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1067.491535][T23294] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1067.900343][T23294] hsr_slave_0: entered promiscuous mode [ 1067.902965][T23294] hsr_slave_1: entered promiscuous mode [ 1067.905366][T23294] debugfs: 'hsr0' already exists in 'hsr' [ 1067.907223][T23294] Cannot create hsr debugfs directory [ 1068.557949][T20868] Bluetooth: hci0: command tx timeout [ 1070.637977][T20868] Bluetooth: hci0: command tx timeout [ 1072.718041][T20868] Bluetooth: hci0: command tx timeout [ 1074.797978][T20868] Bluetooth: hci0: command tx timeout [ 1078.383724][T23331] netlink: 8 bytes leftover after parsing attributes in process `syz.4.4400'. [ 1078.466970][T23294] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 1078.499800][T23294] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 1078.550427][T23294] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 1078.595898][ T40] audit: type=1326 audit(2000000167.319:2174): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23330 comm="syz.4.4400" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc1579 code=0x7ffc0000 [ 1078.608626][T23331] syz.4.4400 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 1078.632547][ T40] audit: type=1326 audit(2000000167.319:2175): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23330 comm="syz.4.4400" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc1579 code=0x7ffc0000 [ 1078.632862][T23294] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 1078.640000][ T40] audit: type=1326 audit(2000000167.339:2176): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23330 comm="syz.4.4400" exe="/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf7fc1579 code=0x7ffc0000 [ 1078.649826][ T40] audit: type=1326 audit(2000000167.339:2177): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23330 comm="syz.4.4400" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc1579 code=0x7ffc0000 [ 1078.658017][ T40] audit: type=1326 audit(2000000167.339:2178): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23330 comm="syz.4.4400" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc1579 code=0x7ffc0000 [ 1078.664879][ T40] audit: type=1326 audit(2000000167.339:2179): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23330 comm="syz.4.4400" exe="/syz-executor" sig=0 arch=40000003 syscall=104 compat=1 ip=0xf7fc1579 code=0x7ffc0000 [ 1078.671805][ T40] audit: type=1326 audit(2000000167.339:2180): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23330 comm="syz.4.4400" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc1579 code=0x7ffc0000 [ 1078.687916][ T40] audit: type=1326 audit(2000000167.339:2181): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23330 comm="syz.4.4400" exe="/syz-executor" sig=0 arch=40000003 syscall=436 compat=1 ip=0xf7fc1579 code=0x7ffc0000 [ 1078.733688][T23343] lo speed is unknown, defaulting to 1000 [ 1078.776847][T23294] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1078.805690][T23294] 8021q: adding VLAN 0 to HW filter on device team0 [ 1078.808702][T23343] lo speed is unknown, defaulting to 1000 [ 1078.812862][T12252] bridge0: port 1(bridge_slave_0) entered blocking state [ 1078.815184][T12252] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1078.827841][T12252] bridge0: port 2(bridge_slave_1) entered blocking state [ 1078.830371][T12252] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1078.949266][T23294] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1079.051884][T23294] veth0_vlan: entered promiscuous mode [ 1079.056525][T23294] veth1_vlan: entered promiscuous mode [ 1079.071466][T23294] veth0_macvtap: entered promiscuous mode [ 1079.074775][T23294] veth1_macvtap: entered promiscuous mode [ 1079.083741][T23294] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1079.091212][T23294] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1079.099163][T12249] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1079.102804][T12249] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1079.106015][T12249] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1079.109914][T12249] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1079.240414][T12271] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1079.243414][T12271] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1079.251703][T12271] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1079.254036][T12271] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1079.369419][T23363] tmpfs: Bad value for 'mpol' [ 1079.681709][T23366] : entered promiscuous mode [ 1079.810643][T23369] netlink: 12 bytes leftover after parsing attributes in process `syz.2.4404'. [ 1080.100881][T23377] ubi31: attaching mtd0 [ 1080.102878][T23377] ubi31: scanning is finished [ 1080.104382][T23377] ubi31: empty MTD device detected [ 1080.240917][T23377] ubi31: attached mtd0 (name "mtdram test device", size 0 MiB) [ 1080.243488][T23377] ubi31: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 1080.246413][T23377] ubi31: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 1080.248949][T23377] ubi31: VID header offset: 64 (aligned 64), data offset: 128 [ 1080.251474][T23377] ubi31: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 1080.253564][T23377] ubi31: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 1080.256483][T23377] ubi31: max/mean erase counter: 0/0, WL threshold: 4096, image sequence number: 1597419212 [ 1080.259788][T23377] ubi31: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 1080.263249][T23379] ubi31: background thread "ubi_bgt31d" started, PID 23379 [ 1080.638127][T23382] wireguard0: entered promiscuous mode [ 1080.640197][T23382] wireguard0: entered allmulticast mode [ 1080.812526][T23390] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 1081.678128][T20868] Bluetooth: hci2: command 0x0406 tx timeout [ 1082.327919][ T9509] usb 9-1: new high-speed USB device number 36 using dummy_hcd [ 1082.479850][ T9509] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x9 has invalid wMaxPacketSize 0 [ 1082.483302][ T9509] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0xA has an invalid bInterval 0, changing to 7 [ 1082.496485][ T9509] usb 9-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 1082.499871][ T9509] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1082.509254][ T9509] usb 9-1: Product: syz [ 1082.510710][ T9509] usb 9-1: Manufacturer: syz [ 1082.512272][ T9509] usb 9-1: SerialNumber: syz [ 1082.514952][ T9509] usb 9-1: config 0 descriptor?? [ 1083.143261][ T40] audit: type=1326 audit(2000000171.869:2182): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23437 comm="syz.0.4423" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fd1579 code=0x7ffc0000 [ 1083.152915][ T40] audit: type=1326 audit(2000000171.869:2183): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23437 comm="syz.0.4423" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fd1579 code=0x7ffc0000 [ 1083.166437][T23440] pim6reg: entered allmulticast mode [ 1083.182331][T23440] pim6reg: left allmulticast mode [ 1083.271656][ T9509] usb 9-1: USB disconnect, device number 36 [ 1083.300204][T23441] udevd[23441]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb9/9-1/9-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 1083.725270][T23449] overlayfs: missing 'lowerdir' [ 1084.203156][T23460] ubi31: detaching mtd0 [ 1084.209676][T23460] ubi31: mtd0 is detached [ 1084.463952][T23464] usb usb5: usbfs: process 23464 (syz.4.4430) did not claim interface 0 before use [ 1085.101838][T23488] tc_dump_action: action bad kind [ 1085.104174][T23488] netlink: 'syz.5.4437': attribute type 10 has an invalid length. [ 1085.106654][T23488] netlink: 40 bytes leftover after parsing attributes in process `syz.5.4437'. [ 1085.109653][T23488] dummy0: entered promiscuous mode [ 1085.111646][T23488] bridge0: port 3(dummy0) entered blocking state [ 1085.113848][T23488] bridge0: port 3(dummy0) entered disabled state [ 1085.116932][T23488] dummy0: entered allmulticast mode [ 1085.130843][T23488] bridge0: port 3(dummy0) entered blocking state [ 1085.133121][T23488] bridge0: port 3(dummy0) entered forwarding state [ 1085.202591][T23493] netlink: 72 bytes leftover after parsing attributes in process `syz.0.4439'. [ 1087.497874][T22127] usb 10-1: new high-speed USB device number 2 using dummy_hcd [ 1087.659447][T22127] usb 10-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 1087.663261][T22127] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 1087.666713][T22127] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 1087.669918][T22127] usb 10-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 1087.674088][T22127] usb 10-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 1087.677093][T22127] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1087.681571][T22127] usb 10-1: config 0 descriptor?? [ 1088.099936][T22127] plantronics 0003:047F:FFFF.0006: hiddev0,hidraw1: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.5-1/input0 [ 1088.986445][ T10] usb 10-1: USB disconnect, device number 2 [ 1089.408877][T23581] netlink: 4 bytes leftover after parsing attributes in process `syz.4.4472'. [ 1091.490625][T23646] netlink: 40 bytes leftover after parsing attributes in process `syz.4.4492'. [ 1091.667921][ T6259] usb 7-1: new high-speed USB device number 52 using dummy_hcd [ 1091.829190][ T6259] usb 7-1: config 0 has no interfaces? [ 1091.832334][ T6259] usb 7-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 1091.835040][ T6259] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1091.837495][ T6259] usb 7-1: Product: syz [ 1091.839131][ T6259] usb 7-1: Manufacturer: syz [ 1091.840584][ T6259] usb 7-1: SerialNumber: syz [ 1091.846200][ T6259] usb 7-1: config 0 descriptor?? [ 1091.909567][T23658] binder: 23657:23658 ioctl c0306201 80000280 returned -14 [ 1091.979113][T23659] netlink: 24 bytes leftover after parsing attributes in process `syz.5.4496'. [ 1091.988201][T23659] netlink: 24 bytes leftover after parsing attributes in process `syz.5.4496'. [ 1092.121276][T23643] pimreg: entered allmulticast mode [ 1092.168041][T22127] usb 9-1: new high-speed USB device number 37 using dummy_hcd [ 1092.319467][T22127] usb 9-1: config 0 has no interfaces? [ 1092.321278][T22127] usb 9-1: New USB device found, idVendor=04d8, idProduct=fd08, bcdDevice=59.b1 [ 1092.324145][T22127] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1092.327405][T22127] usb 9-1: config 0 descriptor?? [ 1092.534473][ T10] usb 9-1: USB disconnect, device number 37 [ 1092.928010][T22127] usb 10-1: new full-speed USB device number 3 using dummy_hcd [ 1093.060598][T23668] netlink: 40 bytes leftover after parsing attributes in process `syz.4.4501'. [ 1093.080162][T22127] usb 10-1: config 0 interface 0 has no altsetting 0 [ 1093.083170][T22127] usb 10-1: New USB device found, idVendor=20bc, idProduct=5500, bcdDevice= 0.00 [ 1093.087129][T22127] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1093.098503][T22127] usb 10-1: config 0 descriptor?? [ 1093.454265][T23686] serio: Serial port ptm0 [ 1093.510990][T22127] betop 0003:20BC:5500.0007: hidraw1: USB HID v1.01 Device [HID 20bc:5500] on usb-dummy_hcd.5-1/input0 [ 1093.517115][T22127] betop 0003:20BC:5500.0007: no inputs found [ 1093.837859][T22127] usb 9-1: new high-speed USB device number 38 using dummy_hcd [ 1093.992554][T22127] usb 9-1: New USB device found, idVendor=0b48, idProduct=1008, bcdDevice=b7.de [ 1093.995449][T22127] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1093.998050][T22127] usb 9-1: Product: syz [ 1093.999464][T22127] usb 9-1: Manufacturer: syz [ 1094.000994][T22127] usb 9-1: SerialNumber: syz [ 1094.003698][T22127] usb 9-1: config 0 descriptor?? [ 1094.008865][T22127] ttusb_dec_send_command: command bulk message failed: error -22 [ 1094.012253][T22127] ttusb-dec 9-1:0.0: probe with driver ttusb-dec failed with error -22 [ 1094.212916][T22127] usb 9-1: USB disconnect, device number 38 [ 1094.215277][T23690] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1094.348494][ T6259] usb 7-1: USB disconnect, device number 52 [ 1094.558287][ T6052] usb 10-1: USB disconnect, device number 3 [ 1094.594182][T23708] kAFS: Can only specify source 'none' with -o dyn [ 1095.156122][T23725] overlayfs: conflicting lowerdir path [ 1095.557981][ T5957] usb 7-1: new high-speed USB device number 53 using dummy_hcd [ 1095.727860][ T5957] usb 7-1: Using ep0 maxpacket: 16 [ 1095.731035][ T5957] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1095.734461][ T5957] usb 7-1: config 0 interface 0 has no altsetting 0 [ 1095.736646][ T5957] usb 7-1: New USB device found, idVendor=060b, idProduct=500a, bcdDevice= 0.00 [ 1095.739615][ T5957] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1095.742720][ T5957] usb 7-1: config 0 descriptor?? [ 1096.058899][T23743] netdevsim netdevsim0: loading /lib/firmware/. failed with error -22 [ 1096.061665][T23743] netdevsim netdevsim0: Direct firmware load for . failed with error -22 [ 1096.065408][T23743] netdevsim netdevsim0: Falling back to sysfs fallback for: . [ 1096.210616][T23750] overlayfs: unescaped trailing colons in lowerdir mount option. [ 1096.584741][T23770] overlayfs: unescaped trailing colons in lowerdir mount option. [ 1096.636563][T23772] netlink: 40 bytes leftover after parsing attributes in process `syz.5.4541'. [ 1096.893311][T23784] netlink: 4 bytes leftover after parsing attributes in process `syz.5.4545'. [ 1097.543557][T23799] overlayfs: unescaped trailing colons in lowerdir mount option. [ 1097.844170][T23817] lo speed is unknown, defaulting to 1000 [ 1097.875326][T23817] lo speed is unknown, defaulting to 1000 [ 1098.350945][ T5957] usbhid 7-1:0.0: can't add hid device: -71 [ 1098.352893][ T5957] usbhid 7-1:0.0: probe with driver usbhid failed with error -71 [ 1098.360672][ T5957] usb 7-1: USB disconnect, device number 53 [ 1098.865936][T23862] lo speed is unknown, defaulting to 1000 [ 1098.879051][T23866] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(9) [ 1098.881133][T23866] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 1098.883757][T23866] vhci_hcd vhci_hcd.0: Device attached [ 1098.908710][T23862] lo speed is unknown, defaulting to 1000 [ 1098.940983][T23867] vhci_hcd: connection closed [ 1098.941214][T12249] vhci_hcd: stop threads [ 1098.944946][T12249] vhci_hcd: release socket [ 1098.946672][T12249] vhci_hcd: disconnect device [ 1099.016401][T23873] fuse: Bad value for 'fd' [ 1099.052405][ T40] kauditd_printk_skb: 26 callbacks suppressed [ 1099.052415][ T40] audit: type=1326 audit(2000000187.779:2210): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23876 comm="syz.4.4582" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc1579 code=0x7ffc0000 [ 1099.061570][ T40] audit: type=1326 audit(2000000187.779:2211): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23876 comm="syz.4.4582" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc1579 code=0x7ffc0000 [ 1099.071128][ T40] audit: type=1326 audit(2000000187.779:2212): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23876 comm="syz.4.4582" exe="/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf7fc1579 code=0x7ffc0000 [ 1099.078064][ T40] audit: type=1326 audit(2000000187.779:2213): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23876 comm="syz.4.4582" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc1579 code=0x7ffc0000 [ 1099.084974][ T40] audit: type=1326 audit(2000000187.779:2214): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23876 comm="syz.4.4582" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc1579 code=0x7ffc0000 [ 1099.094954][ T40] audit: type=1326 audit(2000000187.779:2215): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23876 comm="syz.4.4582" exe="/syz-executor" sig=0 arch=40000003 syscall=386 compat=1 ip=0xf7fc1579 code=0x7ffc0000 [ 1099.102473][ T40] audit: type=1326 audit(2000000187.779:2216): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23876 comm="syz.4.4582" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc1579 code=0x7ffc0000 [ 1099.109508][ T40] audit: type=1326 audit(2000000187.779:2217): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23876 comm="syz.4.4582" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc1579 code=0x7ffc0000 [ 1099.118702][ T40] audit: type=1326 audit(2000000187.779:2218): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23876 comm="syz.4.4582" exe="/syz-executor" sig=0 arch=40000003 syscall=345 compat=1 ip=0xf7fc1579 code=0x7ffc0000 [ 1099.125509][ T40] audit: type=1326 audit(2000000187.779:2219): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23876 comm="syz.4.4582" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc1579 code=0x7ffc0000 [ 1099.628373][T23889] netlink: 40 bytes leftover after parsing attributes in process `syz.5.4587'. [ 1100.219414][T23899] syz.2.4592: attempt to access beyond end of device [ 1100.219414][T23899] nbd2: rw=0, sector=2, nr_sectors = 1 limit=0 [ 1100.497875][ T5957] usb 7-1: new high-speed USB device number 54 using dummy_hcd [ 1100.595689][T23912] netlink: 40 bytes leftover after parsing attributes in process `syz.5.4597'. [ 1100.657864][ T5957] usb 7-1: Using ep0 maxpacket: 32 [ 1100.660847][ T5957] usb 7-1: config 0 has an invalid interface number: 2 but max is 0 [ 1100.664129][ T5957] usb 7-1: config 0 has no interface number 0 [ 1100.666414][ T5957] usb 7-1: config 0 interface 2 has no altsetting 0 [ 1100.670587][ T5957] usb 7-1: New USB device found, idVendor=086a, idProduct=0003, bcdDevice=f0.3f [ 1100.673779][ T5957] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1100.676893][ T5957] usb 7-1: Product: syz [ 1100.678976][ T5957] usb 7-1: Manufacturer: syz [ 1100.680833][ T5957] usb 7-1: SerialNumber: syz [ 1100.682961][ T5957] usb 7-1: config 0 descriptor?? [ 1100.940547][T23922] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1100.943980][T23922] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1101.039872][ T5957] usb 7-1: Quirk or no altset; falling back to MIDI 1.0 [ 1101.048460][ T5957] usb 7-1: USB disconnect, device number 54 [ 1101.058358][T23441] udevd[23441]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb7/7-1/7-1:0.2/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 1101.725494][T23957] netlink: 40 bytes leftover after parsing attributes in process `syz.5.4616'. [ 1101.727510][T23958] netlink: 20 bytes leftover after parsing attributes in process `syz.4.4610'. [ 1102.085864][T23981] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1102.088439][T23981] batadv_slave_0: entered promiscuous mode [ 1102.672703][T24003] netlink: 40 bytes leftover after parsing attributes in process `syz.5.4632'. [ 1102.678047][ T6052] usb 9-1: new high-speed USB device number 39 using dummy_hcd [ 1102.717501][T24005] overlayfs: unescaped trailing colons in lowerdir mount option. [ 1102.837978][ T6052] usb 9-1: Using ep0 maxpacket: 32 [ 1102.840948][ T6052] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1102.844359][ T6052] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1102.847381][ T6052] usb 9-1: New USB device found, idVendor=1e7d, idProduct=2d51, bcdDevice= 0.00 [ 1102.850609][ T6052] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1102.854174][ T6052] usb 9-1: config 0 descriptor?? [ 1103.197982][T20868] Bluetooth: hci2: command 0x0406 tx timeout [ 1103.265207][ T6052] koneplus 0003:1E7D:2D51.0008: unknown main item tag 0x0 [ 1103.267489][ T6052] koneplus 0003:1E7D:2D51.0008: unknown main item tag 0x0 [ 1103.271151][ T6052] koneplus 0003:1E7D:2D51.0008: unknown main item tag 0x0 [ 1103.273490][ T6052] koneplus 0003:1E7D:2D51.0008: unknown main item tag 0x0 [ 1103.275702][ T6052] koneplus 0003:1E7D:2D51.0008: unknown main item tag 0x0 [ 1103.281802][ T6052] koneplus 0003:1E7D:2D51.0008: hidraw1: USB HID v0.00 Device [HID 1e7d:2d51] on usb-dummy_hcd.4-1/input0 [ 1103.307743][T24028] overlayfs: unescaped trailing colons in lowerdir mount option. [ 1103.464735][ T6052] koneplus 0003:1E7D:2D51.0008: couldn't init struct koneplus_device [ 1103.468499][ T6052] koneplus 0003:1E7D:2D51.0008: couldn't install mouse [ 1103.472684][ T6052] koneplus 0003:1E7D:2D51.0008: probe with driver koneplus failed with error -71 [ 1103.481043][ T6052] usb 9-1: USB disconnect, device number 39 [ 1103.502345][T24039] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4644'. [ 1103.538018][T24039] hsr_slave_0: left promiscuous mode [ 1103.567978][T24039] hsr_slave_1: left promiscuous mode [ 1104.214803][T24060] netlink: 12 bytes leftover after parsing attributes in process `syz.4.4654'. [ 1104.218406][T24031] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1105.226575][T24085] netlink: 12 bytes leftover after parsing attributes in process `syz.4.4663'. [ 1105.921780][T24100] MTD: Attempt to mount non-MTD device "/dev/nullb0" [ 1107.327175][T24141] netlink: 40 bytes leftover after parsing attributes in process `syz.0.4686'. [ 1107.864755][T24158] netlink: 8 bytes leftover after parsing attributes in process `syz.4.4691'. [ 1107.867665][T24158] netlink: 8 bytes leftover after parsing attributes in process `syz.4.4691'. [ 1108.089650][T24167] netlink: 40 bytes leftover after parsing attributes in process `syz.0.4696'. [ 1108.149470][T24169] ------------[ cut here ]------------ [ 1108.151269][T24169] WARNING: CPU: 2 PID: 24169 at mm/page_alloc.c:5124 __alloc_frozen_pages_noprof+0x30b/0x23f0 [ 1108.154610][T24169] Modules linked in: [ 1108.156617][T24169] CPU: 2 UID: 0 PID: 24169 Comm: syz.0.4697 Not tainted 6.17.0-rc2-syzkaller #0 PREEMPT(full) SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 1108.161673][T24169] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 1108.166345][T24169] RIP: 0010:__alloc_frozen_pages_noprof+0x30b/0x23f0 [ 1108.169202][T24169] Code: f0 5b 5d 41 5c 41 5d 41 5e 41 5f e9 0f e7 7f 09 83 fe 0a 0f 86 0a fe ff ff 80 3d e6 4a 80 0e 00 75 0b c6 05 dd 4a 80 0e 01 90 <0f> 0b 90 45 31 f6 eb 81 4d 85 f6 74 22 44 89 fa 89 ee 4c 89 f7 e8 [ 1108.175392][T24169] RSP: 0018:ffffc900030ff7d0 EFLAGS: 00010246 [ 1108.177369][T24169] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000 [ 1108.179925][T24169] RDX: 0000000000000000 RSI: 0000000000000012 RDI: 0000000000040d40 [ 1108.182366][T24169] RBP: 0000000000000012 R08: 0000000000000005 R09: 0000000000000009 [ 1108.184933][T24169] R10: 0000000000000012 R11: 000000000000001e R12: 0000000000040d40 [ 1108.188283][T24169] R13: 1ffff9200061ff0f R14: ffffffff9ae70a24 R15: 0000000000000012 [ 1108.190738][T24169] FS: 0000000000000000(0000) GS:ffff8880976c4000(0063) knlGS:00000000f54f6b40 [ 1108.193543][T24169] CS: 0010 DS: 002b ES: 002b CR0: 0000000080050033 [ 1108.195609][T24169] CR2: 00000000582434c0 CR3: 000000005d518000 CR4: 0000000000352ef0 [ 1108.198225][T24169] DR0: 0000000000000680 DR1: 0000000000000003 DR2: 0000000000000007 [ 1108.200692][T24169] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400 [ 1108.203167][T24169] Call Trace: [ 1108.204221][T24169] [ 1108.205170][T24169] ? __do_fast_syscall_32+0x7c/0x3a0 [ 1108.206854][T24169] ? do_fast_syscall_32+0x32/0x80 [ 1108.208498][T24169] ? entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1108.210540][T24169] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 1108.212558][T24169] ? rcu_is_watching+0x12/0xc0 [ 1108.214087][T24169] ? trace_irq_enable.constprop.0+0xd4/0x120 [ 1108.215974][T24169] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 1108.217887][T24169] ? policy_nodemask+0xea/0x4e0 [ 1108.219430][T24169] alloc_pages_mpol+0x1fb/0x550 [ 1108.220973][T24169] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 1108.222708][T24169] ? v9fs_fid_get_acl+0x7a/0x120 [ 1108.224294][T24169] ___kmalloc_large_node+0xed/0x160 [ 1108.225938][T24169] ? v9fs_fid_get_acl+0x7a/0x120 [ 1108.227503][T24169] __kmalloc_large_node_noprof+0x1c/0x70 [ 1108.229343][T24169] __kmalloc_noprof.cold+0xc/0x61 [ 1108.231250][T24169] ? __pfx_iget5_locked+0x10/0x10 [ 1108.232856][T24169] ? v9fs_cache_inode_get_cookie+0x28f/0x3a0 [ 1108.234749][T24169] ? p9_req_put+0x1c6/0x250 [ 1108.236186][T24169] v9fs_fid_get_acl+0x7a/0x120 [ 1108.237706][T24169] v9fs_get_acl+0xee/0x530 [ 1108.239189][T24169] v9fs_inode_from_fid_dotl+0x264/0x2f0 [ 1108.240937][T24169] v9fs_mount+0x4fd/0xa90 [ 1108.242352][T24169] ? rcu_is_watching+0x12/0xc0 [ 1108.243920][T24169] ? __pfx_v9fs_mount+0x10/0x10 [ 1108.245461][T24169] ? aa_get_newest_label+0xd2/0x250 [ 1108.247130][T24169] ? apparmor_capable+0x114/0x1d0 [ 1108.248808][T24169] ? __pfx_v9fs_mount+0x10/0x10 [ 1108.250344][T24169] legacy_get_tree+0x109/0x220 [ 1108.252408][T24169] vfs_get_tree+0x8e/0x340 [ 1108.253815][T24169] path_mount+0x1482/0x1fd0 [ 1108.255281][T24169] ? __pfx_path_mount+0x10/0x10 [ 1108.256822][T24169] ? kmem_cache_free+0x2d1/0x4d0 [ 1108.258487][T24169] ? putname+0x154/0x1a0 [ 1108.259834][T24169] ? getname_flags.part.0+0x1c5/0x550 [ 1108.261525][T24169] ? __ia32_sys_mount+0x28b/0x310 [ 1108.263151][T24169] __ia32_sys_mount+0x28b/0x310 [ 1108.264681][T24169] ? __pfx___ia32_sys_mount+0x10/0x10 [ 1108.266377][T24169] ? rcu_is_watching+0x12/0xc0 [ 1108.267989][T24169] __do_fast_syscall_32+0x7c/0x3a0 [ 1108.269600][T24169] do_fast_syscall_32+0x32/0x80 [ 1108.271135][T24169] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1108.273136][T24169] RIP: 0023:0xf7fd1579 [ 1108.274438][T24169] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 1108.280466][T24169] RSP: 002b:00000000f54f655c EFLAGS: 00000296 ORIG_RAX: 0000000000000015 [ 1108.283119][T24169] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00000000800003c0 [ 1108.285578][T24169] RDX: 0000000080000b80 RSI: 0000000000000000 RDI: 0000000080000500 [ 1108.288088][T24169] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 1108.290545][T24169] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1108.292997][T24169] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1108.295471][T24169] [ 1108.296489][T24169] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 1108.298776][T24169] CPU: 2 UID: 0 PID: 24169 Comm: syz.0.4697 Not tainted 6.17.0-rc2-syzkaller #0 PREEMPT(full) [ 1108.301974][T24169] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 1108.305305][T24169] Call Trace: [ 1108.306377][T24169] [ 1108.307316][T24169] dump_stack_lvl+0x3d/0x1f0 [ 1108.308774][T24169] vpanic+0x6e8/0x7a0 [ 1108.310052][T24169] ? __pfx_vpanic+0x10/0x10 [ 1108.311488][T24169] ? __alloc_frozen_pages_noprof+0x30b/0x23f0 [ 1108.313735][T24169] panic+0xca/0xd0 [ 1108.314979][T24169] ? __pfx_panic+0x10/0x10 [ 1108.316402][T24169] check_panic_on_warn+0xab/0xb0 [ 1108.317982][T24169] __warn+0xf6/0x3c0 [ 1108.319243][T24169] ? __alloc_frozen_pages_noprof+0x30b/0x23f0 [ 1108.321152][T24169] report_bug+0x3c3/0x580 [ 1108.322883][T24169] ? __alloc_frozen_pages_noprof+0x30b/0x23f0 [ 1108.324992][T24169] handle_bug+0x184/0x210 [ 1108.326404][T24169] exc_invalid_op+0x17/0x50 [ 1108.327851][T24169] asm_exc_invalid_op+0x1a/0x20 [ 1108.329390][T24169] RIP: 0010:__alloc_frozen_pages_noprof+0x30b/0x23f0 [ 1108.331474][T24169] Code: f0 5b 5d 41 5c 41 5d 41 5e 41 5f e9 0f e7 7f 09 83 fe 0a 0f 86 0a fe ff ff 80 3d e6 4a 80 0e 00 75 0b c6 05 dd 4a 80 0e 01 90 <0f> 0b 90 45 31 f6 eb 81 4d 85 f6 74 22 44 89 fa 89 ee 4c 89 f7 e8 [ 1108.337755][T24169] RSP: 0018:ffffc900030ff7d0 EFLAGS: 00010246 [ 1108.339695][T24169] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000 [ 1108.342385][T24169] RDX: 0000000000000000 RSI: 0000000000000012 RDI: 0000000000040d40 [ 1108.344904][T24169] RBP: 0000000000000012 R08: 0000000000000005 R09: 0000000000000009 [ 1108.347464][T24169] R10: 0000000000000012 R11: 000000000000001e R12: 0000000000040d40 [ 1108.350135][T24169] R13: 1ffff9200061ff0f R14: ffffffff9ae70a24 R15: 0000000000000012 [ 1108.352633][T24169] ? __do_fast_syscall_32+0x7c/0x3a0 [ 1108.354374][T24169] ? do_fast_syscall_32+0x32/0x80 [ 1108.355976][T24169] ? entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1108.358116][T24169] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 1108.360134][T24169] ? rcu_is_watching+0x12/0xc0 [ 1108.361637][T24169] ? trace_irq_enable.constprop.0+0xd4/0x120 [ 1108.363686][T24169] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 1108.365680][T24169] ? policy_nodemask+0xea/0x4e0 [ 1108.367199][T24169] alloc_pages_mpol+0x1fb/0x550 [ 1108.368729][T24169] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 1108.370913][T24169] ? v9fs_fid_get_acl+0x7a/0x120 [ 1108.372741][T24169] ___kmalloc_large_node+0xed/0x160 [ 1108.374421][T24169] ? v9fs_fid_get_acl+0x7a/0x120 [ 1108.375986][T24169] __kmalloc_large_node_noprof+0x1c/0x70 [ 1108.377759][T24169] __kmalloc_noprof.cold+0xc/0x61 [ 1108.379361][T24169] ? __pfx_iget5_locked+0x10/0x10 [ 1108.380952][T24169] ? v9fs_cache_inode_get_cookie+0x28f/0x3a0 [ 1108.382772][T24169] ? p9_req_put+0x1c6/0x250 [ 1108.384230][T24169] v9fs_fid_get_acl+0x7a/0x120 [ 1108.385753][T24169] v9fs_get_acl+0xee/0x530 [ 1108.387177][T24169] v9fs_inode_from_fid_dotl+0x264/0x2f0 [ 1108.388912][T24169] v9fs_mount+0x4fd/0xa90 [ 1108.390285][T24169] ? rcu_is_watching+0x12/0xc0 [ 1108.391836][T24169] ? __pfx_v9fs_mount+0x10/0x10 [ 1108.393390][T24169] ? aa_get_newest_label+0xd2/0x250 [ 1108.395033][T24169] ? apparmor_capable+0x114/0x1d0 [ 1108.396622][T24169] ? __pfx_v9fs_mount+0x10/0x10 [ 1108.398165][T24169] legacy_get_tree+0x109/0x220 [ 1108.399684][T24169] vfs_get_tree+0x8e/0x340 [ 1108.401098][T24169] path_mount+0x1482/0x1fd0 [ 1108.402596][T24169] ? __pfx_path_mount+0x10/0x10 [ 1108.404153][T24169] ? kmem_cache_free+0x2d1/0x4d0 [ 1108.405723][T24169] ? putname+0x154/0x1a0 [ 1108.407091][T24169] ? getname_flags.part.0+0x1c5/0x550 [ 1108.408839][T24169] ? __ia32_sys_mount+0x28b/0x310 [ 1108.410445][T24169] __ia32_sys_mount+0x28b/0x310 [ 1108.411999][T24169] ? __pfx___ia32_sys_mount+0x10/0x10 [ 1108.413707][T24169] ? rcu_is_watching+0x12/0xc0 [ 1108.415248][T24169] __do_fast_syscall_32+0x7c/0x3a0 [ 1108.416872][T24169] do_fast_syscall_32+0x32/0x80 [ 1108.418433][T24169] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1108.420421][T24169] RIP: 0023:0xf7fd1579 [ 1108.421754][T24169] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 1108.427773][T24169] RSP: 002b:00000000f54f655c EFLAGS: 00000296 ORIG_RAX: 0000000000000015 [ 1108.430447][T24169] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00000000800003c0 [ 1108.432954][T24169] RDX: 0000000080000b80 RSI: 0000000000000000 RDI: 0000000080000500 [ 1108.435368][T24169] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 1108.437786][T24169] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1108.440203][T24169] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1108.442643][T24169] [ 1108.444390][T24169] Kernel Offset: disabled [ 1108.445727][T24169] Rebooting in 86400 seconds.. VM DIAGNOSIS: 11:57:11 Registers: info registers vcpu 0 CPU#0 RAX=dffffc0000000000 RBX=ffff88802b23b440 RCX=ffffffff81a15b8f RDX=0000000000000000 RSI=ffffffff8c162a00 RDI=ffff888027128444 RBP=ffff888027128000 RSP=ffffc90002f4f308 R8 =0000000000000000 R9 =fffffbfff2156e52 R10=ffffffff90ab7297 R11=1ffffffff1cb97e9 R12=0000000000000001 R13=ffff888027128000 R14=ffffffff90aba444 R15=0000000000000000 RIP=ffffffff81a1db1e RFL=00000807 [-O---PC] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff8880974c4000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000003000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=0000000080001000 CR3=0000000076ff4000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00000000000000ff ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 4e4f4954504f5f4e 4153410063657865 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 1 CPU#1 RAX=0000000000000000 RBX=1ffff920005e9eae RCX=ffffffff8205d0fa RDX=ffff888027128000 RSI=000000005d94a867 RDI=ffff888020445600 RBP=ffff888020445600 RSP=ffffc90002f4f570 R8 =0000000000000001 R9 =0000000000000000 R10=0000000000000001 R11=1ffffffff1cb97e9 R12=dffffc0000000000 R13=ffff8880645de1e0 R14=dffffc0000000000 R15=0000000000000001 RIP=ffffffff822c2761 RFL=00000a02 [-O-----] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff8880975c4000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=0000000080024000 CR3=0000000076ff4000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00000000000000ff ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 4e4f4954504f5f4e 4153410063657865 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 2 CPU#2 RAX=0000000000000073 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8 RSI=ffffffff85614a45 RDI=ffffffff9b0f8680 RBP=ffffffff9b0f8640 RSP=ffffc900030ff140 R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=552032203a555043 R12=0000000000000000 R13=0000000000000073 R14=ffffffff9b0f8640 R15=ffffffff856149e0 RIP=ffffffff85614a6f RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] FS =0000 0000000000000000 ffffffff 00c00000 GS =0063 ffff8880976c4000 ffffffff 00d0f300 DPL=3 DS [-WA] LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000091000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe000008f000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00000000582434c0 CR3=000000005d518000 CR4=00352ef0 DR0=0000000000000680 DR1=0000000000000003 DR2=0000000000000007 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00000000000000ff ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 4e4f4954504f5f4e 4153410063657865 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 3 CPU#3 RAX=0000000001162194 RBX=0000000000000003 RCX=ffffffff8b906bf9 RDX=ffffed10056a6656 RSI=ffffffff8c162a00 RDI=ffffffff8190cd41 RBP=ffffed1003865000 RSP=ffffc9000048fdf8 R8 =0000000000000000 R9 =ffffed10056a6655 R10=ffff88802b5332ab R11=0000000000000001 R12=0000000000000003 R13=ffff88801c328000 R14=ffffffff90ab7290 R15=0000000000000000 RIP=ffffffff8b90575f RFL=00000286 [--S--P-] CPL=0 II=0 A20=1 SMM=0 HLT=1 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff8880977c4000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe00000d8000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe00000d6000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=0000000033d1bff8 CR3=00000000578a4000 CR4=00352ef0 DR0=0000000000000680 DR1=0000000000000003 DR2=0000000000000007 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00000000000000ff ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 4e4f4954504f5f4e 4153410063657865 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000