last executing test programs: 3.391402179s ago: executing program 2 (id=719): socket$nl_route(0x10, 0x3, 0x0) (async, rerun: 64) socket$nl_generic(0x10, 0x3, 0x10) (async, rerun: 64) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x4, {}, [{0x90, 0x1, [@m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}, @m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x10000, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x3, 0x1}}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0) (async) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) (async) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) (async) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) (async) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) (async) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) (async) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) (async) socket$kcm(0x10, 0x400000002, 0x0) (async) syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) (async) r3 = fsopen(&(0x7f0000000280)='ceph\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r3, 0x1, &(0x7f00000001c0)='\x00', &(0x7f0000000240)='{}k%@\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r3, 0x1, &(0x7f0000000b40)='source', &(0x7f0000000040)='c:::\x00', 0x0) (async) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0x1, 0x5, 0x9fd, 0x84, 0x105, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000300)={0xffffffffffffffff, 0x0, 0x0, 0x0, 0x800, r4}, 0x38) gettid() fsconfig$FSCONFIG_CMD_CREATE(r3, 0x6, 0x0, 0x0, 0x0) (async, rerun: 32) readv(r3, &(0x7f0000000200)=[{&(0x7f0000000080)=""/3, 0x3}], 0x1) (async, rerun: 32) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={0x0, 0x7c}}, 0x10) (async, rerun: 32) r5 = syz_open_dev$usbfs(&(0x7f0000000100), 0x76, 0x101301) (rerun: 32) ioctl$USBDEVFS_REAPURB(r5, 0x4008550c, &(0x7f0000002680)) (async) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000180)=ANY=[@ANYBLOB="140000001000010000000000000000000a00000a20000000060a0b0400000000b2000000020000000900020073797a7f000000001400000011000100"/70], 0x48}}, 0x0) (async) fsconfig$FSCONFIG_SET_STRING(r3, 0x1, &(0x7f0000000480)='\xf5\xfc\xd2\xec]\x95zx8*\xa2d\x11\xb5\xb1\x01\x00\x00\x00\xe49{\x8a{\x81s\xea$\xdfg\xb1\x03DY!\x97\xadM\xd7\xff\x8a\xcd[>\x12e\xc3]d8\xba\x8ec\x00\x00\x00\x00\x00\x00\x00\xa0\xe2\xd5y\xec\x90\x00\x98Y\x91\x19\x16\x89\xd0\x1a\xad\xcd\xd6\xd0\xc6\xb9\xeb\x95\xd3\x9cl\x9cu#\xb4\xee\xe5\x9d\t\fV\xd4\xda\xfc`2?\x15P\xba\x14b\x1c\xcc\xd5\xb9jA$s\xb9g3\x15M\xd9\xb9 \xca[\xc7\xec\xa9;\xee\x01\xc9\xc4\x1f\xc3\xe4\xfa\xd3fU\x0e\x86\xc8\xa7\xaf\xaf\x04p\xa3\x8bb\xbf\\\xdb\x83\x00\x96sy\x14\x1eo\xcc9&\x946\xf9\xf5v\xee\xb5m$;\x01\xb8\xeau\x00\xd1S=\x920H\xc2z\xb5\xbe\x95\xef\xeb\xd1\xc8\xa1\xba\xach\xbef\xa8\x86\xc2\x18\x9cC\x15\x9c^\xcf\xe9\xbcp\xb4Ff\x00\x9d>p\"\x19\xd8}|~\xae\xdb\a59f\xb8?\xba\xf2\x8e\xa5y\\\xf0\fkd??-\x983\xf3\x19\xc7\xc0/\xe9\x1a\x80=\xa72)\xd2\x00'/277, &(0x7f0000000340)='/\x00\x01\x00H\x98', 0x0) 3.388220698s ago: executing program 2 (id=720): madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) r0 = io_uring_setup(0x6281, &(0x7f0000000300)={0x0, 0x4960, 0x20, 0x0, 0x361}) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r2 = dup(r1) write$6lowpan_enable(r2, &(0x7f0000000000)='0', 0xfffffd2c) r3 = syz_io_uring_setup(0x35c9, &(0x7f0000000280)={0x0, 0x42dd, 0x2, 0x2, 0x39a, 0x0, r0}, &(0x7f0000000180)=0x0, &(0x7f00000001c0)=0x0) setsockopt$XDP_UMEM_REG(r2, 0x11b, 0x4, &(0x7f0000000200)={0x0, 0x104000, 0x0, 0xa5c}, 0x1c) r6 = socket$inet(0xa, 0x1, 0x86) connect$inet(r2, &(0x7f0000004cc0)={0x2, 0x4e23, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0xffffffffffffff4a) listen(r6, 0x8) r7 = socket$netlink(0x10, 0x3, 0x4) writev(r7, &(0x7f0000000000)=[{&(0x7f0000000140)="480000001400190d09004beafd0d8c560a84476080ffe00600000000590000a2bc5603ca00000f7f89000000200000000101ff0000000309ff5bffff00c7e5ed5e00000000000000", 0x40b}], 0x1) syz_io_uring_submit(r4, r5, &(0x7f0000000240)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd=r1}) io_uring_enter(r3, 0x2ded, 0x4000, 0x0, 0x0, 0x0) r8 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x84640, 0x0) ioctl$TIOCSETD(r8, 0x5423, &(0x7f00000000c0)=0xe) r9 = fcntl$dupfd(r8, 0x0, r8) ioctl$TCFLSH(r9, 0x400455c8, 0x20000000009) r10 = socket$alg(0x26, 0x5, 0x0) r11 = accept4(r10, 0x0, 0x0, 0x0) sendmmsg$inet6(r11, &(0x7f0000004d80)=[{{0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000100)="a67a2f94dccfc6ae460ca60b3a8a515712384d7806f2251ff78c69cd08be7760c435b0b397e0a545bd99b8eecf9c15e9c5edf28518d100b2", 0x38}], 0x1}}], 0x1, 0x0) pipe(&(0x7f0000000080)) pipe(&(0x7f0000000100)) r12 = socket$pppl2tp(0x18, 0x1, 0x1) socket$inet6_udp(0xa, 0x2, 0x0) connect$pppl2tp(r12, &(0x7f0000000040)=@pppol2tpv3={0x18, 0x1, {0x3, 0xffffffffffffffff, {0x2, 0x0, @multicast1}, 0x2, 0x0, 0x0, 0x3}}, 0x2e) r13 = socket$pppl2tp(0x18, 0x1, 0x1) connect$pppl2tp(r13, &(0x7f0000000080)=@pppol2tpv3={0x18, 0x1, {0x3, 0xffffffffffffffff, {0x2, 0x2, @multicast2}, 0x2, 0xfffffffd}}, 0x2e) 2.851301038s ago: executing program 2 (id=724): creat(&(0x7f0000000000)='./file0\x00', 0xc2) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000006c0)=ANY=[@ANYBLOB="16000000000000000400000001"], 0x48) ioctl$VIDIOC_TRY_EXT_CTRLS(0xffffffffffffffff, 0xc0185649, &(0x7f0000000180)={0xf000000, 0x44, 0xfffffffc, 0xffffffffffffffff, 0x0, 0x0}) r1 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x83, 0x141101) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000003c0)=@getqdisc={0x28, 0x26, 0x800, 0x70bd28, 0x25dfdbfb, {0x0, 0x0, 0x0, 0x0, {0xe, 0xb}, {0xb, 0x9}, {0x8, 0xf}}, [{0x4}]}, 0x28}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_open_dev$tty1(0xc, 0x4, 0x3) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz1\x00', 0x1ff) r5 = syz_init_net_socket$llc(0x1a, 0x2, 0x0) setsockopt$llc_int(r5, 0x10c, 0x4, &(0x7f0000000000)=0xfffffffc, 0x4) r6 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup/cgroup.procs\x00', 0x2, 0x0) write$cgroup_pid(r6, &(0x7f00000000c0), 0x12) madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa) r7 = openat$sysfs(0xffffff9c, &(0x7f0000000080)='/sys/power/pm_test', 0x0, 0x0) syz_clone3(&(0x7f0000000300)={0x385200080, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0, 0x0, {r7}}, 0x58) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) r8 = dup(r1) write$6lowpan_enable(r8, &(0x7f0000000000)='0', 0xfffffd2c) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback=0x31, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) 2.597075455s ago: executing program 0 (id=725): socket$nl_route(0x10, 0x3, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000001440)={&(0x7f0000000100)=@newqdisc={0x44, 0x24, 0xf0b, 0x70bd2c, 0x25dfdc00, {0x60, 0x0, 0x0, 0x0, {0xfff3, 0xfff2}, {0xe, 0xffff}, {0xfff3, 0xffff}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x14, 0x2, [@TCA_CAKE_WASH={0x8, 0xd, 0x1}, @TCA_CAKE_RAW={0x8, 0xc, 0x1}]}}]}, 0x44}, 0x1, 0x0, 0x0, 0x44045}, 0xc090) sendmsg$nl_route(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="500000001000010425bbe5ad600027842cf52300", @ANYRES32=0x0, @ANYBLOB="0000000000008000280012800a00010076786c616e"], 0x50}}, 0x4000000) ioctl$KVM_RUN(r2, 0xae80, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020207025000000002dba513d7b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000008f00850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='kfree\x00', r4}, 0x10) ioctl$KVM_SET_CPUID(r2, 0x4008ae8a, &(0x7f0000000040)) bind$inet6(0xffffffffffffffff, &(0x7f0000000100)={0xa, 0x4e20, 0x0, @loopback, 0x580d5476}, 0x1c) socket$igmp(0x2, 0x3, 0x2) socket(0x40000000002, 0x3, 0x80000000002) r5 = syz_open_procfs(0x0, &(0x7f0000000000)='net/raw\x00') r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$devlink(&(0x7f0000000140), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_RATE_NEW(r6, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000000)={0x34, r7, 0x1, 0x0, 0x0, {0x49}, [@handle=@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}]}, 0x34}}, 0x0) preadv(r5, &(0x7f00000013c0)=[{&(0x7f0000000240)=""/4082, 0xff2}], 0x1, 0x73, 0x0) r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x4, 0x5, &(0x7f0000000080)=ANY=[@ANYBLOB="180200000000000000000000000000008500000061000000850000005000000095"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000540)={r8, 0x0, 0xe, 0x0, &(0x7f0000000040)="e02742e8680d85ff9782762f88a8", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0xfffffeffffff7f7e, &(0x7f0000000140)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r9 = syz_open_dev$vim2m(&(0x7f0000000000), 0x0, 0x2) ioctl$vim2m_VIDIOC_REQBUFS(r9, 0xc0145608, &(0x7f00000000c0)={0x0, 0x2, 0x1}) sendmsg$inet(0xffffffffffffffff, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000000380)="98", 0x1}], 0x1}, 0x8001) recvmmsg(0xffffffffffffffff, &(0x7f0000002b80)=[{{0x0, 0x0, &(0x7f00000005c0)=[{&(0x7f0000000180)=""/169, 0xa9}], 0x1}, 0x3}], 0x1, 0x40010003, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) r10 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r10, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000540)=@newtaction={0xea8, 0x30, 0x25, 0x0, 0x0, {}, [{0xe94, 0x1, [@m_pedit={0xe90, 0x1, 0x0, 0x0, {{0xa}, {0xe64, 0x2, 0x0, 0x1, [@TCA_PEDIT_PARMS_EX={0xe20, 0x4, {{{}, 0x3}}}, @TCA_PEDIT_KEYS_EX={0x40, 0x5, 0x0, 0x1, [{0x14, 0x6, 0x0, 0x1, [@TCA_PEDIT_KEY_EX_HTYPE={0x6}, @TCA_PEDIT_KEY_EX_CMD={0x6, 0x2, 0x1}]}, {0x14, 0x6, 0x0, 0x1, [@TCA_PEDIT_KEY_EX_HTYPE={0x6}, @TCA_PEDIT_KEY_EX_CMD={0x6}]}, {0x14, 0x6, 0x0, 0x1, [@TCA_PEDIT_KEY_EX_HTYPE={0x6}, @TCA_PEDIT_KEY_EX_CMD={0x6}]}]}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xea8}}, 0x0) 2.380898712s ago: executing program 3 (id=728): r0 = socket$inet6(0xa, 0x5, 0x0) setsockopt$inet6_int(r0, 0x29, 0x46, &(0x7f0000000180)=0xa, 0x4) bind$inet6(r0, &(0x7f0000000140)={0xa, 0x4e20, 0x0, @ipv4={'\x00', '\xff\xff', @local}}, 0x1c) mount$9p_fd(0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)) sendmsg$NL80211_CMD_SET_CQM(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000380)=ANY=[@ANYBLOB='d\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000000000000000000003f0000000c009900000000000000000044005e80080005000000000008000300000000000825dd000000000010000100000000000000000000000000080007000000000008000100"], 0x64}}, 0x0) r1 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) sendmsg$netlink(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000001ac0)=[{&(0x7f00000003c0)=ANY=[@ANYBLOB="140100001f000504000000000000000005"], 0x114}], 0x1}, 0x0) r2 = bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000080)={0xffffffffffffffff}, 0x4) bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x18, 0xe, &(0x7f0000000200)=ANY=[@ANYBLOB="b700000001000000bfa30000000000000703000030feffff720af0fff8ffffff71a4f0ff000000002d040000000000003d400300000000006504000001ed000079110000000000006c440000000000007a0ab0fe000000007b13000000000000c500f9ffffff00009500000000000000023bc065b7a379d17cf9333379fc9e94af05000000f1a864a710aad58db6a693002e6b3be361917adef6ee1c8a2a4f8ef1e50becb19bc461e91a715bc5181554a090f32050e436fe275daf51efd601b6bf01c8e8b1b526375ec4dd6fcd82e4fee5bef7a29aa0d7d600c095199fe3ff3128c4e599b0eaebbdbd732c9cc00eec363e4a8f6456e2cc21557c0afc646cb7798b3e6440c2fbdb00a3e35208b0bb0d2cd829e654400e2438ec649dc74a28610643a98d9ec21ead2ed51b104d0800af25b845d8a7925c3109b151b8b9f75dd08d123deda88c658d42ecbf28bf7076c15b463bebc72f526d8e8afcb913466aaa7f6df70252e79166d858fcd0e06dd31af9612f2460d0b11008e59a5923906f88b53987ad1714e72ba7a54f0c33d390dd65be2467b373eafd9aa58f2077184b6a89adaf17b0a6041bdef728d236619074d6ebdf098bc908f523d228a40f9411fe7226a40409d6e37c4f46756d31cb467600ade70063e5291569b33d21dae356e1c5da18ec0ae564162a27afea62d84f3a10746443d64364f56e24e6d2105bd901204a1deeed4155617572652d950ad31928b0b0c3dc2869f478341d02d0f5ad94b081fcd507acb4b93d000000225d85ae49cee383dc5049076b98fb6853ab39a21514da60d2ae20cfb91d6a49964757cdf538f9ce2bdb1ab062cd54e67011d355d84ce97bb0c6b4a595e487efbb2d710b651f898ba749e40bc6980fe78683ac5c0c31030699ddd71063be9261b2e1aab1675b34a220488c126aeef5f510a8f1aded94a129e4aec6ffc3a15d96c2ea3e2e04cfe0e669e51731b2875353193f82ade69d0540059fe6c7fe7cd86975023cb08cc7596566d674e425da5e87e59602a9f6590521d31d3804b3e0a1053abdc31282dfb15eb6841bb64a1b304502dda787343ce3c953992e4a982f3c48153baae244e7bf37548c7f1a4cad2422ee965a38f7defbd2960242b104e20dc2d9b0c35608d402ccdd9069bd50b994fda7a9de44022a579dfc0229cc0dc98816106dec28eaeb883418f562ae00003ea96d10f172c0374d6eed82641687f3b3a70bfe9b4a9c5a90ff59d54d1f92ecc4e95dd2d18383117c039862198899b212c5538a294270a1ad10c80fef7c24c87afce829ba0f85da6d888f18ea40ab959f6074ab2a4009b9e5f07ab513cdc6c0e17fb1c1ca571380d7b4ead35a655e0b4a26b702396df7e0cbe02b6e4314f244a94aa8e98b0b263f0083bf93f05beb72f0861f7580e69db384ac7eeedcf2ba1a9508f9d6aba5823a34a9f1ffa968eacea75caf822a7a63ba34015ea5aacb1188883ad2a3b1832371fe5bc621426d1ed0a4a9b702cc1b6912a1e717d29135753208165b9cdbae2ed9dc06000000000000008fe26e37037f27f2f9a6a8346962a350845ffa0d829e4f79adc287906943408e05000000d03aac93df8866fb010aec0e92bed1fe39af169d2a466f0db6f3d9436a7d0a874c74b777df005c55fc30511d00000000c85265b2bd83d64a532869d708000000000000007baa5b6a682b50f0937f778af083e055f6138a757ebd0ed91114a6b244f9acf41ac5d73a008364e0606a594817031fc2f52c8785fe0721719b3d654026c6ea08b83b123145ab5703dad844ceb201ddeb6dc5f6a9037d2283c42efc54fa84323a56edbd287eba77f35c35d91f3c62a0ca74836a640224de85f2b4a5fee500bbc584328a6a7a4628c4378c9b71dff64075b74a6520adb187b40d2cccbcb08c0634ee74658d3e23bf2871ed2aa2a05e319374511c8b0bf1b69d2b3782b3f481c314e7bd4615dbbf24c06ac95bd639e68d0e6aa7f0d07bf69a93365f803f0144af37236ea133c2255b0613bf8ba1d538e06c2411e8d70053b712084fd0e313de9bb19266e49a3a2190cb039c6f89610acd896319b9c8d1b8aac2eaa5a4f8be7419a09e3fb5be3be2fcdadd2299839cc40e684e6e2b4e1385fde7a0babcb0be672110268a34dad364fddee69e564119cebb6940c6356ff83ca527c573d700000000000000c6299263e6d9097f225de969485bce3d7dc471c0669bb6a467cf0de54dfcc1857048fe22a19dbb1b3cb9babaa839f1f6e817a62d95a5b971ff96a5c66c338c6f2a2da4644519f40761402e9c81013d76c7152c95ba5efa24ce1930f23a2277f057ffb6b0144f3b434a2adc456ef4d2fbdf7c6238c2bb00ffcf2d23d68cb9b027f3b22589f7956b66c5692b46ea03abb6a404c8ccceaa4ba4161409fcb54b86eaca26b24464e0ff504b87c90697ec2a82bbfd1c31713190d3e6e502c434909d6ba06cd0361a0fd90552272f24519ea9938413947edd3a0a7aa780c1dcdddf13b46ca94f37c89664c9cc1857d64ca371fa1b6131"], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10, 0x0, r2, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) sendto$inet6(r0, &(0x7f0000000040)="ff", 0x1, 0x40408c4, &(0x7f0000000100)={0xa, 0x4e22, 0x0, @private1, 0x7}, 0x1c) 2.380452835s ago: executing program 0 (id=729): r0 = semget$private(0x0, 0x4000, 0x764) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) semctl$SEM_STAT(r0, 0x1, 0x12, 0x0) mkdir(&(0x7f00000009c0)='./file0\x00', 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r2 = dup(r1) write$6lowpan_enable(r2, &(0x7f0000000000)='0', 0xfffffd2c) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={0x0}, 0x18) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000140)=ANY=[@ANYBLOB="0b0000001f0000000200000022bf000001000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="000018000100"/22], 0x50) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000300), &(0x7f0000000400), 0x401, r3, 0x0, 0xa002a0}, 0x38) bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000100)="00e6ecdd95237af64b988efcca8e65bbb35e05a2de41edc940cb226189d55c00f2dbd35ef147d7ae06c1d159ae23d79700ba75bedb31e5e67627", 0x0, 0xfffffffe, r3}, 0x38) socket$unix(0x1, 0x5, 0x0) r4 = socket$can_bcm(0x1d, 0x2, 0x2) r5 = socket(0x11, 0x2, 0x0) setsockopt(r5, 0x107, 0x1, &(0x7f00000001c0)="010000000000060000071a80010061cc", 0x10) close(r5) connect$unix(r5, 0x0, 0x0) connect$vsock_stream(r5, 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r4, 0x8933, 0x0) connect$can_bcm(r4, &(0x7f00000000c0), 0x10) sendmsg$can_bcm(r4, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000040)={0x0, 0x20000600}}, 0x0) sendmsg$can_bcm(r4, 0x0, 0x0) r6 = socket$inet6_mptcp(0xa, 0x1, 0x106) ioctl$sock_inet6_SIOCSIFADDR(r6, 0x8916, 0x0) ioctl$sock_inet6_SIOCADDRT(r6, 0x890b, &(0x7f0000000540)={@empty, @empty, @private1, 0x0, 0x6, 0x0, 0x0, 0x1, 0x4400046}) ioctl$UI_DEV_SETUP(r2, 0x405c5503, 0x0) mkdir(&(0x7f00000000c0)='./bus\x00', 0x0) r7 = syz_open_dev$sg(&(0x7f0000001940), 0x0, 0x0) ioctl$SG_IO(r7, 0x2285, &(0x7f0000000740)={0x53, 0x0, 0x6, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000000000)="a1f8a81b133d", 0x0, 0xfffffffe, 0x0, 0x0, 0x0}) 2.240432669s ago: executing program 3 (id=730): socket$inet6_tcp(0xa, 0x1, 0x0) (async) r0 = socket(0x28, 0x5, 0x0) bind$vsock_stream(r0, &(0x7f0000000040), 0x10) (async) listen(r0, 0x0) (async) r1 = socket(0x28, 0x5, 0x0) connect$vsock_stream(r1, &(0x7f0000000080), 0x10) sendmmsg(r1, &(0x7f0000000100)=[{{0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000000)="1b", 0x40000}], 0x1}}], 0x1, 0x24008094) (async) accept4$unix(r0, 0x0, 0x0, 0x0) (async) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) r2 = socket(0x10, 0x3, 0x0) (async) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000000)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000080)=@newqdisc={0x58, 0x24, 0xd0f, 0x70bd2d, 0x2, {0x60, 0x0, 0x0, r4, {0x0, 0x3}, {0xffff, 0xffff}, {0x0, 0xffe0}}, [@qdisc_kind_options=@q_sfb={{0xffffffffffffff38}, {0x2c, 0x2, @TCA_SFB_PARMS={0xfffffffffffffd91, 0x1, {0x98, 0x3, 0x5, 0x836, 0x6, 0xfffffff6, 0x3, 0xffffffff}}}}]}, 0x58}, 0x1, 0x0, 0x0, 0x4000001}, 0x44080) syz_emit_ethernet(0xf0, &(0x7f0000000400)={@local, @remote, @void, {@generic={0x8917, "ec62a4c2464ac669531ba91d250f18496ebf782a1c65e0225a54f1dcae205279a1fed0c10577017ba4c91e813c36db2518f6af953dd2b1c6c7878680c6040cbf15c714e702c25d9624a5acdde5ad250336f486a0a8bf16a457359765cd4d28a5215b345b93a60f643ec9ffa7ab38cead6a23f6a13db5b3cead4c03fc218eadb758e51a679ce47bf214ea6e8def7f563d62184c6ab3da45cb971c5d930686ba19786794d411c8c4d0362dbf7d70d37ed3717cc023a413fa657af49ce2659ddf3cfeb35bbc66762bd32c978a8a3acccb4f866d5d15f4c52c9f6d46174ec11f926dc3a7"}}}, &(0x7f0000000100)={0x1, 0x4, [0xd8, 0x7ab, 0xc67, 0xf4b]}) (async) r5 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000001700), 0x0, 0x0) ioctl$SW_SYNC_IOC_CREATE_FENCE(r5, 0xc0285700, &(0x7f0000000000)={0x0, "f3c492eb0165203d36bec7080089b42c000004002231a110000000005900", 0xffffffffffffffff}) prctl$PR_GET_TSC(0x19, &(0x7f0000000140)) (async) r7 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00') mount$9p_fd(0x0, &(0x7f00000001c0)='.\x00', &(0x7f0000000180), 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESOCT=r6, @ANYBLOB=',wfdno=', @ANYRESHEX=r7]) (async) mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x0) r8 = syz_open_dev$usbfs(&(0x7f0000000040), 0xc, 0x101301) syz_emit_ethernet(0x76, &(0x7f0000000540)=ANY=[@ANYBLOB="aaaaaa05aaaa0000000000000800450000680000000000b8677e32bacd09a602430000000000000000110000ffffffffac1414aa440c0001000000004e210000442c0001e0000001000000000080000000000000ac14140000b200000000000000000004ffffffff000000001300000000000000000000414ec98b2e3c3841f97330be98e89257711c1fd07f65583f88f97d50d1a84e9774c51a7f4c097df0b3db6babfd91c65950da9bcaa37380ca353b9feca4c5740e22e66737bcf68132f40c79bab8df49513a75cff8b18b9ad4b677b770612e4dd31525b7bdd7f3a70810794b82d3df7ae15f69c3264eef22e726cc029c53e964f0460ce95adbaaa5748a048e8d1601f03ee914c97a"], 0x0) (async) ioctl$USBDEVFS_FREE_STREAMS(r8, 0x802c550a, &(0x7f0000000080)=ANY=[@ANYBLOB="0200a00690b3ad0707000003000020d394bf0000000000000000002f8d2f000000000000"]) (async) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) (async) io_setup(0x3ff, &(0x7f0000000500)=0x0) io_submit(r11, 0x2, &(0x7f0000000300)=[&(0x7f0000000000)={0x0, 0x0, 0x0, 0x5, 0x699, r9, 0x0, 0x0, 0x0, 0x0, 0x0, r9}, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x0, r10, &(0x7f0000000180)="6d74af2a", 0x4}]) (async) r12 = request_key(&(0x7f0000000800)='asymmetric\x00', &(0x7f0000000280)={'syz', 0x3}, &(0x7f00000002c0)='9p\x00', 0x0) (async) r13 = add_key$user(&(0x7f0000000380), &(0x7f0000000680)={'syz', 0x1}, &(0x7f00000006c0)="d2d36e759d911812ccb90a95415892d1eed1c097a231bd8ab2efb67574abff0dc3cfbb9350e55e5c1eca69f0af9e6897a99f8c4c91c4796c8ec8b96b1f8049831ec57605cdd5b42d6a34d07d9f0686e49642a552251c6072c394e5715e512f7c569965fc6842f3c2104a09bd4367ec5766022af0f0904d4088fd52835ff744758bb43454", 0x84, 0xfffffffffffffff8) keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, r12, &(0x7f0000000340)='blacklist\x00', &(0x7f00000007c0)=@keyring={'key_or_keyring:', r13}) (async) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x400000, 0x3, &(0x7f0000000000/0x400000)=nil) 2.130917877s ago: executing program 1 (id=731): r0 = socket$kcm(0x2, 0x3, 0x84) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(serpent)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, 0x0, 0x0) accept4(r1, 0x0, 0x0, 0x0) (async) r2 = accept4(r1, 0x0, 0x0, 0x0) sendmsg$alg(r2, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000300)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}, 0x0) (async) sendmsg$alg(r2, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000300)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000001c0), r2) syz_genetlink_get_family_id$ethtool(&(0x7f00000000c0), r2) sendmsg$nl_generic(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000040c0)=ANY=[], 0x10d4}, 0x1, 0x0, 0x0, 0x20000085}, 0x4040044) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r3, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010600000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff1b000000020000000900010073797a30000001000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000440)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a3c000000120a01020000000000000000020000000900020073797a310000000008000440000000000900010073797a3000000000080003400000000a14000000110001"], 0x64}}, 0x0) (async) sendmsg$NFT_BATCH(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000440)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a3c000000120a01020000000000000000020000000900020073797a310000000008000440000000000900010073797a3000000000080003400000000a14000000110001"], 0x64}}, 0x0) sendmsg$inet(r0, &(0x7f00000004c0)={&(0x7f0000000140)={0x2, 0x0, @local}, 0x10, 0x0}, 0x4008804) (async) sendmsg$inet(r0, &(0x7f00000004c0)={&(0x7f0000000140)={0x2, 0x0, @local}, 0x10, 0x0}, 0x4008804) sendmsg$inet(r0, &(0x7f0000000a00)={&(0x7f0000000840)={0x2, 0x4e20, @loopback}, 0x10, &(0x7f00000001c0)=[{&(0x7f0000000880)="c1090a000000000000001d1e02af80f3ca9f101688ebee827a1e423149922ce5", 0x20}], 0x1}, 0x4040) 2.031391407s ago: executing program 3 (id=732): madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) r0 = io_uring_setup(0x6281, &(0x7f0000000300)={0x0, 0x4960, 0x20, 0x0, 0x361}) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r2 = dup(r1) write$6lowpan_enable(r2, &(0x7f0000000000)='0', 0xfffffd2c) r3 = syz_io_uring_setup(0x35c9, &(0x7f0000000280)={0x0, 0x42dd, 0x2, 0x2, 0x39a, 0x0, r0}, &(0x7f0000000180)=0x0, &(0x7f00000001c0)=0x0) setsockopt$XDP_UMEM_REG(r2, 0x11b, 0x4, &(0x7f0000000200)={0x0, 0x104000, 0x0, 0xa5c}, 0x1c) r6 = socket$inet(0xa, 0x1, 0x86) connect$inet(r2, &(0x7f0000004cc0)={0x2, 0x4e23, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0xffffffffffffff4a) listen(r6, 0x8) r7 = socket$netlink(0x10, 0x3, 0x4) writev(r7, &(0x7f0000000000)=[{&(0x7f0000000140)="480000001400190d09004beafd0d8c560a84476080ffe00600000000590000a2bc5603ca00000f7f89000000200000000101ff0000000309ff5bffff00c7e5ed5e00000000000000", 0x40b}], 0x1) syz_io_uring_submit(r4, r5, &(0x7f0000000240)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd=r1}) io_uring_enter(r3, 0x2ded, 0x4000, 0x0, 0x0, 0x0) r8 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x84640, 0x0) ioctl$TIOCSETD(r8, 0x5423, &(0x7f00000000c0)=0xe) r9 = fcntl$dupfd(r8, 0x0, r8) ioctl$TCFLSH(r9, 0x400455c8, 0x20000000009) r10 = socket$alg(0x26, 0x5, 0x0) r11 = accept4(r10, 0x0, 0x0, 0x0) sendmmsg$inet6(r11, &(0x7f0000004d80)=[{{0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000100)="a67a2f94dccfc6ae460ca60b3a8a515712384d7806f2251ff78c69cd08be7760c435b0b397e0a545bd99b8eecf9c15e9c5edf28518d100b2", 0x38}], 0x1}}], 0x1, 0x0) pipe(&(0x7f0000000080)) pipe(&(0x7f0000000100)) r12 = socket$pppl2tp(0x18, 0x1, 0x1) socket$inet6_udp(0xa, 0x2, 0x0) connect$pppl2tp(r12, &(0x7f0000000040)=@pppol2tpv3={0x18, 0x1, {0x3, 0xffffffffffffffff, {0x2, 0x0, @multicast1}, 0x2, 0x0, 0x0, 0x3}}, 0x2e) r13 = socket$pppl2tp(0x18, 0x1, 0x1) connect$pppl2tp(r13, &(0x7f0000000080)=@pppol2tpv3={0x18, 0x1, {0x3, 0xffffffffffffffff, {0x2, 0x2, @multicast2}, 0x2, 0xfffffffd}}, 0x2e) 1.868234507s ago: executing program 1 (id=733): r0 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'ip6tnl0\x00', 0x0}) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000004640)={&(0x7f0000000200)=@newqdisc={0x40, 0x24, 0xf0b, 0x70bd2b, 0xffffffff, {0x0, 0x0, 0x0, r1, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_hhf={{0x8}, {0x14, 0x2, [@TCA_HHF_HH_FLOWS_LIMIT={0x8, 0x3, 0x1}, @TCA_HHF_ADMIT_BYTES={0x8, 0x5, 0x1}]}}]}, 0x40}, 0x1, 0x0, 0x0, 0x4}, 0x0) r3 = openat$vicodec1(0xffffff9c, &(0x7f0000000100), 0x2, 0x0) ioctl$VIDIOC_G_EDID(r3, 0xc0245628, &(0x7f0000000180)={0x0, 0x48000, 0xa, '\x00', &(0x7f0000000140)=0x40}) 1.867985296s ago: executing program 2 (id=734): r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x7b, 0x4) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e23, @broadcast}, 0x10) sendto$inet(r0, 0x0, 0x3a, 0x200007fd, &(0x7f0000000180)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x13}}, 0x10) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000600), 0x4) sendto$inet(r0, &(0x7f0000000700)="0c268a927f1f6588b967481241ba78600a34f65ac618ded8974895abeaf4b4834ff959bcecc7a95425a3a07e758044ab4ea6f7c555d88fecf90b037511bf746bec66ba", 0x994b6e03113064ae, 0x0, 0x0, 0x0) recvmsg(r0, &(0x7f0000001500)={0x0, 0x0, &(0x7f0000000300)=[{&(0x7f00000035c0)=""/4106, 0x100a}, {&(0x7f00000003c0)=""/206, 0xce}], 0x2, 0x0, 0x0, 0x407006}, 0x104) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x10) 1.860007897s ago: executing program 0 (id=735): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x4, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0xfffffffffffffebe, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x0, 0x0, 0x0, 0x1}}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x4}}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x800}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) times(0x0) r3 = socket$tipc(0x1e, 0x5, 0x0) bind$tipc(r3, 0x0, 0x0) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000180)={'syzkaller0\x00', 0x7101}) syz_open_dev$sndmidi(&(0x7f0000000380), 0x4, 0x640a00) r4 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x0) ioctl$SCSI_IOCTL_SEND_COMMAND(r4, 0x1, 0x0) r5 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0x1c, &(0x7f0000000040)=@ringbuf={{0x18, 0x8}, {{0x18, 0x1, 0x1, 0x0, r5}, {}, {}, {0x85, 0x0, 0x0, 0x5}, {0x4, 0x1, 0xb, 0x9, 0xa}}, {{0x5, 0x0, 0x3}}, [@snprintf={{0x7, 0x0, 0xb, 0x2}, {0x3, 0x2, 0x3, 0xa, 0x9, 0xfe00}, {0x5, 0x0, 0xb, 0x9}, {0x3, 0x3, 0x6, 0xa, 0xa, 0xfe00, 0xa0}, {0x7, 0x1, 0xb, 0x6, 0x8}, {0x7, 0x0, 0x0, 0x8, 0x0, 0x0, 0x9a02fff0}, {}, {}, {0x7, 0x0, 0xc}, {0x18, 0x2}, {}, {0x46, 0x8, 0xfff0, 0x76}}], {{0x7, 0x1, 0xb, 0x8}, {0x6, 0x0, 0x5, 0x8}, {0x85, 0x0, 0x0, 0x7}}}, &(0x7f0000000580)='GPL\x00', 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_skb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0) mount$fuse(0x0, 0x0, 0x0, 0x2b38094, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0]) mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400)) chdir(&(0x7f0000000080)='./file1\x00') symlinkat(&(0x7f0000000000)='./file0\x00', 0xffffffffffffff9c, &(0x7f00000001c0)='./file1\x00') r6 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) setpgid(r6, 0x0) setpgid(0x0, r6) 1.781360562s ago: executing program 1 (id=736): dup2(0xffffffffffffffff, 0xffffffffffffffff) bpf$BPF_BTF_GET_NEXT_ID(0x17, 0x0, 0x0) openat$vnet(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) mount$fuse(0x0, 0x0, 0x0, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0]) mount(0x0, &(0x7f0000000140)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400)) chdir(&(0x7f0000000240)='./file1\x00') r0 = open(&(0x7f00000001c0)='.\x00', 0x20000, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)=@newqdisc={0x68, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x38, 0x2, {{0x0, 0x200000, 0x0, 0x0, 0xffffffff, 0x8003}, [@TCA_NETEM_LOSS={0x1c, 0x5, 0x0, 0x1, [@NETEM_LOSS_GI={0x18, 0x1, {0x7fffffff, 0x0, 0xfffffffd, 0x100000}}]}]}}}]}, 0x68}}, 0x0) r3 = socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r3, &(0x7f0000000080)={0xa, 0x4e22, 0x0, @empty, 0x400000}, 0x1c) listen(r3, 0xfffffffd) r4 = socket$inet_mptcp(0x2, 0x1, 0x106) connect$inet(r4, &(0x7f0000000000)={0x2, 0x4e22, @empty}, 0x10) r5 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0) symlinkat(&(0x7f00000000c0)='./file1\x00', r5, &(0x7f0000000100)='./file1\x00') ioctl$AUTOFS_IOC_PROTOSUBVER(r0, 0x40049366, &(0x7f0000000180)) ioctl$AUTOFS_IOC_CATATONIC(r0, 0x9362, 0x0) 1.501521594s ago: executing program 3 (id=737): syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) r0 = socket(0xa, 0x3, 0x3a) setsockopt$MRT6_FLUSH(r0, 0x29, 0xd4, &(0x7f0000000040)=0x4, 0x4) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x10, &(0x7f0000000240)=ANY=[@ANYRES64, @ANYRES8, @ANYRESOCT], &(0x7f0000000000)='GPL\x00', 0x8, 0xa2, &(0x7f0000000140)=""/162, 0x41100, 0x3, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, &(0x7f0000000340)=[{0x1, 0x1, 0xa, 0xb}, {0x5, 0x2, 0x13, 0x6}], 0x10, 0x37, @void, @value}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x0, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) connect$unix(r3, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e20}, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setaffinity(0x0, 0xfffffffffffffc33, &(0x7f0000000280)=0x2) r4 = socket$packet(0x11, 0x2, 0x300) mmap(&(0x7f0000003000/0x2000)=nil, 0x2000, 0x0, 0x2000011, r4, 0x0) ioctl$sock_SIOCETHTOOL(r4, 0x8946, &(0x7f0000000340)={'syz_tun\x00', &(0x7f0000002fc0)=@ethtool_coalesce={0xf, 0x0, 0xfffffffe, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000}}) r5 = syz_open_dev$I2C(&(0x7f0000003000), 0x0, 0x0) ioctl$I2C_SMBUS(r5, 0x720, &(0x7f0000003080)={0x1, 0x0, 0x6, &(0x7f0000003040)={0x0, "f4e1a230be8f46463fb1a5f1b44f44eaa65e485b747aa95df8c01eaf07677d18bc"}}) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f0000000400)={0x1, &(0x7f0000000380)=[{0x7, 0x0, 0x0, 0x7fdfffff}]}) syz_init_net_socket$rose(0xb, 0x5, 0x0) r6 = socket$nl_route(0x10, 0x3, 0x0) r7 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), r7) getsockname$packet(r7, &(0x7f0000000080)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffff11feffffff000000", @ANYRES32=r8, @ANYBLOB="00000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) openat$drirender128(0xffffff9c, &(0x7f0000000100), 0x1, 0x0) keyctl$restrict_keyring(0x3, 0x0, 0x0, 0x0) request_key(&(0x7f0000000480)='keyring\x00', &(0x7f00000004c0)={'syz', 0x1}, 0x0, 0x0) 1.161810264s ago: executing program 3 (id=738): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)={{0x14}, [@NFT_MSG_NEWRULE={0x58, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x2c, 0x4, 0x0, 0x1, [{0x28, 0x1, 0x0, 0x1, @ct={{0x7}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_CT_DREG={0x8, 0x1, 0x1, 0x0, 0x2}, @NFTA_CT_KEY={0x8, 0x2, 0x1, 0x0, 0x16}, @NFTA_CT_DIRECTION={0x5}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x80}}, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000003c0)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r1 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) syz_emit_ethernet(0x36, &(0x7f0000000080)=ANY=[], 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r1, 0x5, 0xd50, 0x0, &(0x7f0000000000)='%', 0x0, 0xd01, 0x300, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 971.098886ms ago: executing program 3 (id=739): openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/meminfo\x00', 0x0, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_open_dev$swradio(&(0x7f0000002440), 0x1, 0x2) r3 = syz_io_uring_setup(0x117, &(0x7f0000000300), &(0x7f0000000280)=0x0, &(0x7f0000000200)=0x0) ioctl$SNDRV_CTL_IOCTL_PCM_NEXT_DEVICE(0xffffffffffffffff, 0xc1205531, &(0x7f0000002680)=""/4104) syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000080)=0xfffffc00, 0x0, 0x4) syz_io_uring_submit(r4, r5, &(0x7f00000000c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x7, 0x0, 0x0, 0x0, 0xc}) r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r7, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0) ioctl$KVM_XEN_HVM_CONFIG(r7, 0x4038ae7a, &(0x7f0000000040)={0x80, 0x8c8, 0x0, 0x0}) ioctl$KVM_GET_VCPU_EVENTS(r8, 0x4048aecb, &(0x7f0000000080)) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x8, 0x200000005c831, 0xffffffffffffffff, 0x0) io_uring_enter(r3, 0x47f6, 0x0, 0x0, 0x0, 0x0) 970.648659ms ago: executing program 2 (id=740): r0 = socket(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000340)=ANY=[@ANYBLOB="400000001000030527bd700000000000000000007f3b2f611f536ceb12f9a5de9b815f6ff5684f63afdb7c4ccda9c353f9696cbe22f2dcfaf7ff7d22bb0abc0c865ade87b168348300a2006216bdaa154e96a3c7ad6ae620795da0fa2fa802c48df1dcf989000ea4629436bf4c70350f2216159ba14be4382a87e13e5f3ae2253fa28fdc3c22cd9b362a09f734fda2aefc071c5e87b432befdf2c6687994dce83091c7696e5810a1a7ead11f4893bba2f8cfacba9f69d3db67f7096093e65f942d8a3b14cc00f4623d5f7d48054fadc40c9d0bfe9c8524c089642f06f57a459cc2d4cfe11da60b66fc91e2d7a9bfedc136af3a6e3ee41a86546b6e7840f4", @ANYRES32=0x0, @ANYBLOB="0000000000000000200012800c0001006d6163766c616e00100002800a0004000000000000000000"], 0x40}}, 0x40000) setsockopt$netlink_NETLINK_TX_RING(r1, 0x10e, 0xc, &(0x7f0000000000)={0xfffffff8, 0xffe}, 0x10) r2 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r3 = dup(r2) write$6lowpan_enable(r3, &(0x7f0000000000)='0', 0xfffffd2c) r4 = syz_io_uring_setup(0x2ddd, &(0x7f0000000080)={0x0, 0x0, 0x10100, 0x2}, &(0x7f0000000100), &(0x7f0000000140)=0x0) syz_io_uring_setup(0x5e2, &(0x7f0000000000)={0x0, 0x2}, &(0x7f0000000180)=0x0, &(0x7f0000000380)) syz_io_uring_submit(r6, r5, &(0x7f00000001c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x4}) io_uring_enter(r4, 0x381b, 0x0, 0x0, 0x0, 0x0) r7 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) connect$netrom(r7, &(0x7f0000000300)={{0x6, @rose}, [@null, @default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}]}, 0x48) r8 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) getsockopt$sock_buf(r9, 0x1, 0x1c, 0x0, &(0x7f0000000300)) fsetxattr(r3, &(0x7f0000000200)=@random={'user.', '+/@+\x19\\\x00'}, &(0x7f0000000240)='/dev/net/tun\x00', 0xd, 0x0) fcntl$setstatus(r8, 0x4, 0x2000) sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000080)=@delchain={0x24, 0x5f, 0xf31, 0xffffffff, 0x0, {0x0, 0x0, 0x0, 0x0, {0x6, 0x8}}}, 0x24}}, 0x0) 891.321372ms ago: executing program 1 (id=741): prctl$PR_SET_IO_FLUSHER(0x39, 0x1) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0xb, 0x8c031, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19) getpeername$packet(0xffffffffffffffff, 0x0, 0x0) ioctl$sock_ipv6_tunnel_SIOCGET6RD(0xffffffffffffffff, 0x89f8, &(0x7f0000000380)={'syztnl2\x00', &(0x7f0000000300)={'gre0\x00', 0x0, 0x700, 0xff00, 0x4, 0x13, {{0x5, 0x4, 0x1, 0x6, 0x14, 0x66, 0x0, 0x7, 0x29, 0x0, @multicast1, @local}}}}) r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000003c0)={'macsec0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)=ANY=[@ANYBLOB="b000000010000100"/20, @ANYRES32=r2, @ANYBLOB="524202000000000084001680800001807c000c8014000100bbad0000e102000029000000810000001400010070040000ea0900000400000088a80000140001039d92bf00a20000000900000088a800001400010006000000690500000400000088a8000014000100190c0000400200000500000088a8000014000100ff07000044080000fdffffff88a800000a0001"], 0xb0}}, 0x0) madvise(&(0x7f00001c1000/0x3000)=nil, 0x40000, 0x9) 751.538926ms ago: executing program 0 (id=742): r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$IPVS_CMD_NEW_DAEMON(r1, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000600)={0x14, r2, 0x1, 0x0, 0xfffffffe}, 0x14}}, 0x40000) (async) mknod(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) (async) mknod(&(0x7f0000000040)='./file0\x00', 0x8001420, 0x0) (async) r3 = open$dir(&(0x7f00000000c0)='./file0\x00', 0x2, 0x0) (async) r4 = open(&(0x7f00000002c0)='./bus\x00', 0x42202, 0x0) splice(r3, 0x0, r4, 0x0, 0x114, 0xc) (async) r5 = open$dir(&(0x7f0000000100)='./file0\x00', 0x101000, 0x118) fcntl$setpipe(r5, 0x407, 0x1000000) (async) r6 = open$dir(&(0x7f0000000080)='./file0\x00', 0x481, 0x0) vmsplice(r6, &(0x7f0000000240)=[{&(0x7f0000000300)="10", 0x1}], 0x1, 0x0) (async) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f00000009c0)=@mangle={'mangle\x00', 0x44, 0x6, 0x4b4, 0x324, 0x0, 0x94, 0x1e0, 0x420, 0x420, 0x420, 0x420, 0x420, 0x420, 0x6, 0x0, {[{{@ip={@initdev={0xac, 0x1e, 0x0, 0x0}, @local, 0x0, 0x0, 'geneve1\x00', 'ip6gre0\x00', {}, {}, 0x6, 0x0, 0x40}, 0x0, 0x70, 0x94}, @ECN={0x24, 'ECN\x00', 0x0, {0x20}}}, {{@uncond, 0x0, 0x70, 0x94}, @TTL={0x24}}, {{@uncond, 0x0, 0x94, 0xb8, 0x0, {}, [@inet=@rpfilter={{0x24}}]}, @TTL={0x24}}, {{@uncond, 0x0, 0xe4, 0x144, 0x0, {}, [@inet=@rpfilter={{0x24}}, @common=@osf={{0x50}, {'syz0\x00'}}]}, @common=@SET={0x60}}, {{@ip={@broadcast, @multicast2, 0x0, 0x0, 'lo\x00', 'macvtap0\x00'}, 0x0, 0x9c, 0xfc, 0x0, {}, [@common=@inet=@udplite={{0x2c}}]}, @common=@SET={0x60}}], {{'\x00', 0x0, 0x70, 0x94}, {0x24}}}}, 0x510) 611.264853ms ago: executing program 2 (id=743): openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/meminfo\x00', 0x0, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_open_dev$swradio(&(0x7f0000002440), 0x1, 0x2) r3 = syz_io_uring_setup(0x117, &(0x7f0000000300), &(0x7f0000000280)=0x0, &(0x7f0000000200)=0x0) r6 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x1, 0x0) ioctl$SNDRV_CTL_IOCTL_PCM_NEXT_DEVICE(r6, 0xc1205531, &(0x7f0000002680)=""/4104) syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000080)=0xfffffc00, 0x0, 0x4) syz_io_uring_submit(r4, r5, &(0x7f00000000c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x7, 0x0, 0x0, 0x0, 0xc}) r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r8, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r9 = ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x0) setsockopt$inet6_IPV6_ADDRFORM(0xffffffffffffffff, 0x29, 0x1, &(0x7f0000000080), 0x4) ioctl$KVM_XEN_HVM_CONFIG(r8, 0x4038ae7a, &(0x7f0000000040)={0x80, 0x8c8, 0x0, 0x0}) ioctl$KVM_GET_VCPU_EVENTS(r9, 0x4048aecb, &(0x7f0000000080)) io_uring_enter(r3, 0x47f6, 0x0, 0x0, 0x0, 0x0) 610.569376ms ago: executing program 0 (id=744): r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_int(r0, 0x0, 0xb, &(0x7f0000000000)=0x8, 0x4) r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x3) r2 = socket$l2tp6(0xa, 0x2, 0x73) bind$l2tp6(r2, &(0x7f00000024c0)={0xa, 0x7, 0x0, @dev={0xfe, 0x80, '\x00', 0xb}, 0x8}, 0x20) r3 = socket$l2tp6(0xa, 0x2, 0x73) bind$l2tp6(r3, &(0x7f0000000100)={0xa, 0x0, 0x0, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0x0, 0x1}, 0x20) syz_emit_ethernet(0x8e, &(0x7f00000003c0)=ANY=[@ANYRES8=r3, @ANYRESDEC=r1], 0x0) timerfd_settime(0xffffffffffffffff, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0) timerfd_gettime(0xffffffffffffffff, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000000)={'macvlan0\x00'}) ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(0xffffffffffffffff, 0xc0189373, &(0x7f00000000c0)={{0x1, 0x1, 0x18, r4, {0x1}}, './file0\x00'}) r6 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r6, 0x84, 0x64, &(0x7f0000000080)=[@in={0x2, 0x4e20, @empty}], 0xfffffcce) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r7 = dup(0xffffffffffffffff) write$6lowpan_enable(r7, &(0x7f0000000000)='0', 0xfffffd2c) bpf$MAP_CREATE(0x0, 0x0, 0xfffffef7) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r6, 0x84, 0x6f, 0x0, &(0x7f0000000100)) sendmsg$NL80211_CMD_DEL_INTERFACE(r5, &(0x7f0000000240)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB='(\x00', @ANYRES16=0x0, @ANYBLOB="01002abd7000fddbdf2508000000080003", @ANYRES32=0x0, @ANYRESHEX=r0], 0x28}, 0x1, 0x0, 0x0, 0x4048001}, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r8 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) mkdir(&(0x7f0000000000)='./file1\x00', 0x0) mount$fuse(0x0, 0x0, 0x0, 0x3242000, &(0x7f0000000180)=ANY=[@ANYRES32=r8, @ANYRESHEX=0x0, @ANYRESHEX=r6]) mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400)) chdir(&(0x7f0000000280)='./file1\x00') open(&(0x7f00000002c0)='./file0\x00', 0xa0000, 0x0) 61.623019ms ago: executing program 1 (id=745): r0 = gettid() timer_create(0x5, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f00000003c0)) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="1c0000002a0400000000000000000000e71bee6425f28e2f3a060000080800018004008180"], 0x1c}, 0x1, 0x0, 0x0, 0x8000}, 0x0) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) (async) r2 = socket(0x10, 0x3, 0x0) write(r2, &(0x7f0000000040)="240000001a005f0014f9f507000909000a00000000000000020000000800020000000000", 0x24) mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0) (async) sendmsg$ETHTOOL_MSG_EEE_SET(r2, &(0x7f00000005c0)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000580)={&(0x7f0000000880)=ANY=[@ANYBLOB='H\x00\x00\x00', @ANYRES16=0x0, @ANYRES16], 0x48}, 0x1, 0x0, 0x0, 0x4}, 0x44080) (async) pipe2$9p(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r4, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff017f000e0800395032303030"], 0x15) (async) r5 = dup(r4) (async) r6 = socket$inet6_tcp(0xa, 0x1, 0x0) close(r6) r7 = socket$inet6_mptcp(0xa, 0x1, 0x106) setsockopt$sock_int(r7, 0x1, 0x21, &(0x7f0000000040), 0x4) (async, rerun: 64) bind$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x4e22, 0x0, @empty, 0xb}, 0x1c) (async, rerun: 64) listen(r6, 0x0) (async) syz_emit_ethernet(0x4a, &(0x7f0000000400)=ANY=[@ANYRESDEC=0x0, @ANYRES8=0x0, @ANYBLOB="09e9153370b2568ddbb03c5eae551b09b71fffc992f7f571250aa6bb599a8b3b00b618e231e03f4610d7c682a13b4447105021e4b66ff337799ae9844e002ad902b6b049dc2efbf1a56b4b", @ANYRES32=r7], 0x0) (async) r8 = openat$nvram(0xffffff9c, &(0x7f0000000340), 0x421083, 0x0) write$FUSE_DIRENTPLUS(r8, &(0x7f0000000600)=ANY=[@ANYRESDEC=r8, @ANYBLOB="d816fc3636efd7846c18784e0a1445df182a3160465e4c98423e76c07779aae65d8db7b610400c30bb12e7d6a7c4760b3bb62d9b6374c0e36f1db29582ba1e10590cb54254f8c3c91cf81e9d92be6a8e72f514eb35464b221058b1c8a85d77aff299c769872e9a6e84fa4e85ea183a96c2", @ANYRES8=r0, @ANYRESDEC=r6, @ANYRES8=r5, @ANYRESHEX=r6, @ANYRES64=r3, @ANYRES8=r4, @ANYRES32, @ANYBLOB="97928ef59a5066dd242a3b9ab3a881df01c7858fac10fd28cd9202dacc3d8b96"], 0xb0) (async, rerun: 64) ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r8, 0xc00c642e, &(0x7f0000000380)={0x0, 0x0, r5}) (rerun: 64) write$FUSE_GETXATTR(r5, &(0x7f00000000c0)={0x18}, 0x18) ioctl$SNDCTL_SEQ_SYNC(r5, 0x5101) write$FUSE_INIT(r5, &(0x7f00000004c0)={0x50, 0xfffffffffffffff5, 0x0, {0x7, 0x29, 0x402004, 0x1922008, 0x4, 0x1006, 0x6, 0xfffffff7, 0x0, 0x0, 0x134, 0xe}}, 0x50) r10 = memfd_create(&(0x7f0000002080)='prodM\xb0\xea\a\x06\xbe\xaen/\xce4\xb7\x00\x00\xba!\x9d\rSt\xa24\t\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1dz\xd05\xe2e,\xb1\x84\xea\x91^%A\xe5\x9e\x13TdT\xc6^p\xb0#R\x04\x06\xae\xebA;X\x14\x97\xabh\xd1/\x84\x8a\x91$GY\xeb\x8f\xec\xb4\xf9\x1f\xb7\x04\xc2\xc0\xc6\xb4\v\xff\xfc\x88\x90\xabC\x02\x00\xf04\x03\x88\xae9\'>R^P{Vr!\xe2\x02\x00\x00\x00\x00\x00\x00\x006\x96\xffZ\\A@\x00\x00\x00\xc9\xf3Y\xb8\x89#\xa1\xb1)Dk\xeb\xa1\t\x00{u[\xbd\x9d\xf4\xbf\\\xce\x02P\xf2MY\x05^\xffj\x9c\x14\xb7\xb6v2*1>\x00 \x00\x00\x00\x00\x14C?]\x8c\xb4Y\xcf\x80\x85\xd6\x036\xc8~\xa8\f\x00\x00\xb5M\x9a\x9dc\xaaAU\xec\xe06\xed\xe4\xfb\xdf\a\xd0lg\x13\xf9\x8b:s>\xd7s\xef\xb3\x9f#\x15)\xf9\xe10\xc7\xb262\x00\x00\x00\x00\x00\x00\x00\x00Nz\x0eu\x8f\x01\x00\x00\x00\x00\x00\x00\xdd\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc3\xa7/\x0f\x9b`\xa5\x98\x81a\xeev\x00\x00\x00\x00\a\x10\x00m2\xf2\xd8,\x17\xf8\x8e\xae\xc8\xad\xed<\"\x8e\n\x9d\xb13\x8d\xef\x96\xd2I\"8=tg\xdfU\xd0q\x95/f\xec\xdc\xa3\xe1[\xc0\xaa\xefz\xc9\xf4[\x00\x00\x00Q\xff}5\x94\x88\xa1\xdc\xa1f\xe0q\xc5:\xe4\xdf\x80\xb3,\xb9\xb2\xdc\x81\x9f6\x0f\x84WY\xbfSY`\xb8\a\x19\xb1\x058\xa4\xc3\xbb\xf8aB:\x84\x02?\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xf3o-GU\xb0\x00F\xb3o(aI[\xd6\x9fG\xaeI\x83\x93\x8cC\xc0#\xe0q\xd0Ex|\xdb\xa8\x16\xfe>:\t0\xfd\x8a\xc7\x84\xb5\xc7M-0A\xf0\xc95\xcc\xb6\xf6\xe8o\xfd\x882\xb3\xa84\xac\x00\xdd}Ft\xc6\xcc\f}1X#\xe4\xe1\x94i\xce\xa1\xff\x95\x80\xb4T\x9c\x01\xf3\x1cLB\x94m(m\f\xbc\x02\xfd--\"\xee\xdc\xce\xe9-\xebY\x9e\xf7\xf0\x9d\x10\xbd\x86\x1by\xe6\xdf\xc0\xc5\xb9\xb9\xbf\xdf~9\nC\xe9\xc5\x0e\xda\x9c(\x9b\"\xc7\x97\xfc\b\xd9\xc2T\xa7*}]\xc8\xb3 .\x9b\x89\x0f\xf8$\xdd>lU\x13EG\xbb1] \xda\x19\xc5\x9b\x15\x95\xc4\xfcw\xbb\x92\x91\xc4\xa6\x907XK\xfc\x17]\xfa\xff\'\xef\x92\x1c\xb8\x1fK\xb2o \xd1\xbd\xb2\x11+\xa3R\xefQ\xc2\xbdW\x05\xec\xb3=@\x03\xc6^\xa2\x15%\xb0\'D!\xb6Q\x8f\x82?S>\x0fP\x9cE\x92{d\xe6\x9cj1\x87\xb3\x01\xde\xd3\x84d\xf4\x134\x00\x00\x00\x00h\xaa\x15\x9a\xf7\x03\x00%\x88p\x90\xbb\x9dt\xa3\xe1\r\x8d\x94\"\x19\x8b\x17)\xea\xd5\x97\xeb\xe4\x1b\x0fBZ1\xbe\xee\xfa\x1c\xf9\xa6\x11\x94\x06\\P:\xaf\xcex\xc2\x82\x9a\x16\xfc\xa1\xf9q\x12\xe3\x1a\xdc\xb7\x12\xbba\b\xbb\xed\xb2\xd1W\xe2\x8b\x8d8}\x10W\xbd\xa60k\x00\x03\xfa\x890\x86#\bQ\xcb)\x00]\x9e\x14\xd2\xea\x82\xa8\xb7ZG\x15r\xf1\t\x00\x00\x00 \xc1\xaf\x19?\x00\\\x91\x13\x1b8\xe1\xc3\xa4\v\x94\xbfJ\xb5\xde\x95\x82\x00]B|\xe2[%\xe3\xf0\x04\xba\xed\xdb\xf5\x7f\x9d\xfe>\xf6m$M&\x7fq]\xe4\xf6\x82\xc3\x00\xb1zg}\x99E\xa4\x19\xe9\x1a4a\xd75D-k\x84\xa6\x12+\xebk\xa1\xfek\x89\xef\x18\xc1)6\xa65\xe2D\xbe\xe1\xdfq\xdd68\xf37g\xab9m\xe7\xddO\v?\xe0\xbe}\xa9U\xc7{\xd3\x16W\xbb\xe5\xd2\x93\xfe\xa4\x9d\r$\xe91\x808`\x86\xbc)\xc6\x12\x8c_x\xa8\xfa\xf5K\x03\x85\x93k\xe1\x8e\x1f)\".\xcc\'\v\xa6\x1bj\\\n\xe98yA\xd8T\x81\x80A\xcbo\x99\x99\xeb)r\x1a\xce\x18(\x185LL\xbcOeO\'\xe2\x86&\xe4\xe2\xe7~\x92\xa2\xb2\x9b\xc3\x00\x85\xce\xad7\x87\xa0\xfcc\xf5\xf8\xaf\v,q\xd4\x18\xbdM\x1a\xde\xba*L\x05m6\xecH\xd0T\xb8m\xdb\b\xa6\x02\xfb\x13\xac\x91\x8a\x8d\x94\x93\x8d=\xb1\x84\x9c\x9b\xe5\xc7\xa6\xc9Q\xc1eUc\xcc\x180^\x00\x00\x00\x00\x00\x00\x00\x00\xe7]6+\\\x00\x00\x00\x00?#C.\x1dj\xd9\xc3\xdd&\x80g:N\xec\x06[\x8f\x92\xe2\xb01\xb0\xef\x10,\xde\xf3\x86D\x8b\xf7\xf1>AH\xef\\\xf9\x8b\a\xe0\xb2\xcb\xf0\x97\b\r\xd5`\xb9\xd6\xa4\x1e\xbe\x12-}\xc5\x84\xde@\x18\x87\f\x01O\xedS\x8f\x9en,\xbce\xb2\xe4\x82v\x1c\xed\x84-s\xab\x06b\x9c\xba\xec\xa5\xc9A\x84\xd0\xe0 S\xc8\xa2\xaf\x85\v\xad\xa5\x88\xcf\xb6}`\x14\'\xea\xbfN\xac)\xa1\xe8\xb2\x9f\x112TJ\x16\x8c\x15Dd\x8a%>\x91\x93\x88\xe9\x18\x82]\x9e&\xfa\xaa\xfa8Z2\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00?\xb35\x00\xfb\xac8wAph\xb4\x9d\x14\xf7\xec+f\'\xa3\xb9\xaf\x87X\xec\x13\x9c\xc5\x84\xde\x1b\x11\xe8\\}\xf81\xe6U3\xf9~\xdfD[\x1a\x02\x1f\xd2\x1as-\x9c\x01\x86\xa7\xb8\xc5\xeeOg\x99j\xedu\xafO@\x8e\xf24w\xad\x130Z&\xcb\x81\xfc\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00Lo\x12\x00\xa2\xa5$9\x05O\xfe\x0e\xd2N\x98\x84\x10\x01\x89\xaa)\x118\xcd\xf8>\xab\xd9\xbd\xcfH\xa5\x8e\x14\x12\xb0OF\x80\xbb\xb6B\x80Q \x85\'w\xc8D\xf9\xfa\fq\x9e\x83I\xe5\n\xae8\xb7\f\xab#\x85Y\xeeH\x98\x84\x8cRv\xdcZ<\x80\xbd\x8d~\n\x88-\xa1\x97\xaf2e\xa6\'\x8aQ\x85}\xf1\rJF\f\x8c_\x01\xbe\'\v1\xccL\x0e\x05\xbdIa\x85\xb8\x14\xe0;}\xb7\x11\xb5\xfa\xeb\x13\xd3\x92\x8a\xe47\xf9\x12\xd9\xd5\x99\xf4\t\xdf\x058\xc4]\xf7\x16J\xf9\xce\xf0zG\xe6i\xf1~\xaaL\xa5\xd5\xe5L\xban?\'\x11B\xeav\xbf|\xc6\xc9\xa4m\xfc0\x16\vN\xdel\xaa\xb7\x83\'\a510\xbc\x95\a\xbf\x83\f\xa6>\xd4Z\'\xdc\xe5\x9c1\xf8\xb9\x0f\xed\x9dT\xe7\x92\xd67j\xe6O\xba\xe8\xce!\x87\xa2\x14.!\xfe\xa2\x8a2\xf1_h\xcfA\xcdh<<\xcf\xe1\xbe\xa2V\xd6Q\x875\xf2\xd5\x14:H\x8d\xfd\xbf\xd9\x16:`Bm\xc2)=\xe1\xbd\x7fgw3d\x04L\xe7l4qX\xb9\xfb\f\x96\xeb\xd4\x1e\x7f\xe1\xa4\xd9\xa4\xdb\xfa7\xd6e\x12', 0x3) fcntl$setstatus(r10, 0x4, 0x42000) (async) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x6, 0x12, r10, 0x0) mount$9p_fd(0x0, &(0x7f00000002c0)='./file0\x00', &(0x7f0000000140), 0x200001, &(0x7f0000000180)=ANY=[@ANYRES16=r9, @ANYRES32=r7, @ANYRESOCT]) (async) add_key$fscrypt_v1(&(0x7f0000000000), &(0x7f0000000040)={'fscrypt:', @desc1}, &(0x7f0000000080)={0x0, "7fa83dab0d3366512d5be849797d7df93815e60c650932d7ec32e239af37da22bb8a3ea6000000000000a266d67a08835a00", 0x4000000}, 0x48, 0xfffffffffffffffd) 56.892989ms ago: executing program 0 (id=746): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x1, 0x0) getpid() r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000300)=ANY=[@ANYBLOB="18010000120000000000000000000000850000006d000000180100002020642500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0xa4) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f00000001c0)='contention_end\x00', r0}, 0x18) socket$nl_generic(0x10, 0x3, 0x10) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) connect$inet6(0xffffffffffffffff, 0x0, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x200) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) (async) prlimit64(0x0, 0xe, 0x0, 0x0) (async) sched_setscheduler(0x0, 0x1, 0x0) (async) getpid() (async) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000300)=ANY=[@ANYBLOB="18010000120000000000000000000000850000006d000000180100002020642500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0xa4) (async) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) (async) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f00000001c0)='contention_end\x00', r0}, 0x18) (async) socket$nl_generic(0x10, 0x3, 0x10) (async) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) (async) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)) (async) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) (async) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) (async) connect$inet6(0xffffffffffffffff, 0x0, 0x0) (async) openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) (async) ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) (async) ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x200) (async) 0s ago: executing program 1 (id=747): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) syz_clone(0x8210a580, &(0x7f0000002140), 0x0, 0x0, 0x0, 0x0) mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x8, 0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000380)=ANY=[@ANYBLOB="84010000100013070000000000000000fe8000000000000000000000000000bbac1e000100"/64, @ANYRES32=r0, @ANYRES32=0x0, @ANYRESDEC=r0], 0x184}}, 0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '[localhost]:65062' (ED25519) to the list of known hosts. [ 48.415906][ T5931] cgroup: Unknown subsys name 'net' [ 48.542579][ T5931] cgroup: Unknown subsys name 'cpuset' [ 48.547291][ T5931] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 49.503354][ T5931] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 53.642715][ T5943] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 53.648878][ T5956] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 53.653464][ T5956] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 53.657588][ T5956] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 53.660586][ T5956] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 53.663581][ T5956] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 53.665929][ T5956] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 53.668138][ T5956] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 53.671841][ T5956] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 53.674072][ T5956] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 53.676518][ T5956] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 53.679996][ T5956] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 53.682333][ T5956] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 53.684443][ T5956] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 53.688188][ T5956] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 53.688923][ T5954] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 53.690577][ T5956] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 53.693953][ T5954] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 53.698759][ T5960] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 53.698829][ T5954] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 53.702363][ T5960] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 53.704517][ T5954] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 53.707148][ T5960] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 53.709264][ T5954] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 53.934813][ T5949] chnl_net:caif_netlink_parms(): no params data found [ 53.946431][ T5945] chnl_net:caif_netlink_parms(): no params data found [ 54.024409][ T5942] chnl_net:caif_netlink_parms(): no params data found [ 54.120438][ T5945] bridge0: port 1(bridge_slave_0) entered blocking state [ 54.124024][ T5945] bridge0: port 1(bridge_slave_0) entered disabled state [ 54.128052][ T5945] bridge_slave_0: entered allmulticast mode [ 54.130996][ T5945] bridge_slave_0: entered promiscuous mode [ 54.135923][ T5949] bridge0: port 1(bridge_slave_0) entered blocking state [ 54.138487][ T5949] bridge0: port 1(bridge_slave_0) entered disabled state [ 54.140767][ T5949] bridge_slave_0: entered allmulticast mode [ 54.142961][ T5949] bridge_slave_0: entered promiscuous mode [ 54.166059][ T5947] chnl_net:caif_netlink_parms(): no params data found [ 54.171619][ T5945] bridge0: port 2(bridge_slave_1) entered blocking state [ 54.174569][ T5945] bridge0: port 2(bridge_slave_1) entered disabled state [ 54.177848][ T5945] bridge_slave_1: entered allmulticast mode [ 54.181231][ T5945] bridge_slave_1: entered promiscuous mode [ 54.185209][ T5949] bridge0: port 2(bridge_slave_1) entered blocking state [ 54.192603][ T5949] bridge0: port 2(bridge_slave_1) entered disabled state [ 54.195615][ T5949] bridge_slave_1: entered allmulticast mode [ 54.199005][ T5949] bridge_slave_1: entered promiscuous mode [ 54.260332][ T5942] bridge0: port 1(bridge_slave_0) entered blocking state [ 54.263863][ T5942] bridge0: port 1(bridge_slave_0) entered disabled state [ 54.266993][ T5942] bridge_slave_0: entered allmulticast mode [ 54.270237][ T5942] bridge_slave_0: entered promiscuous mode [ 54.314008][ T5945] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 54.319304][ T5949] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 54.323155][ T5942] bridge0: port 2(bridge_slave_1) entered blocking state [ 54.325574][ T5942] bridge0: port 2(bridge_slave_1) entered disabled state [ 54.328708][ T5942] bridge_slave_1: entered allmulticast mode [ 54.331500][ T5942] bridge_slave_1: entered promiscuous mode [ 54.365157][ T5945] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 54.370861][ T5949] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 54.390422][ T5942] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 54.447728][ T5942] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 54.457809][ T5945] team0: Port device team_slave_0 added [ 54.522367][ T5945] team0: Port device team_slave_1 added [ 54.530098][ T5949] team0: Port device team_slave_0 added [ 54.535651][ T5942] team0: Port device team_slave_0 added [ 54.542104][ T5942] team0: Port device team_slave_1 added [ 54.567307][ T5949] team0: Port device team_slave_1 added [ 54.577778][ T5947] bridge0: port 1(bridge_slave_0) entered blocking state [ 54.579987][ T5947] bridge0: port 1(bridge_slave_0) entered disabled state [ 54.582104][ T5947] bridge_slave_0: entered allmulticast mode [ 54.584279][ T5947] bridge_slave_0: entered promiscuous mode [ 54.588713][ T5947] bridge0: port 2(bridge_slave_1) entered blocking state [ 54.591511][ T5947] bridge0: port 2(bridge_slave_1) entered disabled state [ 54.594258][ T5947] bridge_slave_1: entered allmulticast mode [ 54.597354][ T5947] bridge_slave_1: entered promiscuous mode [ 54.667499][ T5945] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 54.670305][ T5945] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 54.680563][ T5945] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 54.686157][ T5949] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 54.690549][ T5949] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 54.700927][ T5949] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 54.707583][ T5942] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 54.710449][ T5942] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 54.720939][ T5942] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 54.738831][ T5945] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 54.741250][ T5945] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 54.750129][ T5945] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 54.754617][ T5949] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 54.757631][ T5949] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 54.767798][ T5949] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 54.772676][ T5942] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 54.775343][ T5942] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 54.785362][ T5942] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 54.792088][ T5947] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 54.800304][ T5947] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 54.850237][ T5947] team0: Port device team_slave_0 added [ 54.854473][ T5947] team0: Port device team_slave_1 added [ 54.882389][ T5949] hsr_slave_0: entered promiscuous mode [ 54.885402][ T5949] hsr_slave_1: entered promiscuous mode [ 54.985094][ T5947] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 54.987951][ T5947] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 55.004485][ T5947] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 55.023822][ T5942] hsr_slave_0: entered promiscuous mode [ 55.027172][ T5942] hsr_slave_1: entered promiscuous mode [ 55.030121][ T5942] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 55.033393][ T5942] Cannot create hsr debugfs directory [ 55.037578][ T5945] hsr_slave_0: entered promiscuous mode [ 55.039583][ T5945] hsr_slave_1: entered promiscuous mode [ 55.041444][ T5945] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 55.043614][ T5945] Cannot create hsr debugfs directory [ 55.045700][ T5947] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 55.048386][ T5947] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 55.057496][ T5947] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 55.193997][ T5947] hsr_slave_0: entered promiscuous mode [ 55.197059][ T5947] hsr_slave_1: entered promiscuous mode [ 55.199751][ T5947] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 55.202769][ T5947] Cannot create hsr debugfs directory [ 55.394263][ T5949] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 55.404817][ T5949] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 55.412471][ T5949] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 55.419645][ T5949] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 55.445320][ T5945] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 55.451022][ T5945] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 55.455924][ T5945] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 55.468909][ T5945] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 55.498490][ T5942] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 55.504135][ T5942] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 55.509508][ T5942] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 55.514255][ T5942] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 55.563689][ T5947] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 55.569181][ T5947] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 55.574013][ T5947] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 55.579529][ T5947] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 55.646530][ T5945] 8021q: adding VLAN 0 to HW filter on device bond0 [ 55.651553][ T5949] 8021q: adding VLAN 0 to HW filter on device bond0 [ 55.687826][ T5945] 8021q: adding VLAN 0 to HW filter on device team0 [ 55.691391][ T5949] 8021q: adding VLAN 0 to HW filter on device team0 [ 55.696662][ T5942] 8021q: adding VLAN 0 to HW filter on device bond0 [ 55.717808][ T5960] Bluetooth: hci3: command tx timeout [ 55.725014][ T1236] bridge0: port 1(bridge_slave_0) entered blocking state [ 55.728234][ T1236] bridge0: port 1(bridge_slave_0) entered forwarding state [ 55.733687][ T1236] bridge0: port 2(bridge_slave_1) entered blocking state [ 55.736748][ T1236] bridge0: port 2(bridge_slave_1) entered forwarding state [ 55.741126][ T1236] bridge0: port 1(bridge_slave_0) entered blocking state [ 55.744053][ T1236] bridge0: port 1(bridge_slave_0) entered forwarding state [ 55.754284][ T1236] bridge0: port 2(bridge_slave_1) entered blocking state [ 55.757255][ T1236] bridge0: port 2(bridge_slave_1) entered forwarding state [ 55.786116][ T5942] 8021q: adding VLAN 0 to HW filter on device team0 [ 55.796674][ T5960] Bluetooth: hci1: command tx timeout [ 55.796736][ T5952] Bluetooth: hci0: command tx timeout [ 55.797963][ T5947] 8021q: adding VLAN 0 to HW filter on device bond0 [ 55.803980][ T5299] Bluetooth: hci2: command tx timeout [ 55.809572][ T65] bridge0: port 1(bridge_slave_0) entered blocking state [ 55.812631][ T65] bridge0: port 1(bridge_slave_0) entered forwarding state [ 55.820236][ T65] bridge0: port 2(bridge_slave_1) entered blocking state [ 55.823078][ T65] bridge0: port 2(bridge_slave_1) entered forwarding state [ 55.841653][ T5947] 8021q: adding VLAN 0 to HW filter on device team0 [ 55.855895][ T97] bridge0: port 1(bridge_slave_0) entered blocking state [ 55.858654][ T97] bridge0: port 1(bridge_slave_0) entered forwarding state [ 55.871653][ T97] bridge0: port 2(bridge_slave_1) entered blocking state [ 55.874368][ T97] bridge0: port 2(bridge_slave_1) entered forwarding state [ 55.944680][ T5949] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 55.954516][ T5945] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 55.989539][ T5949] veth0_vlan: entered promiscuous mode [ 56.002482][ T5949] veth1_vlan: entered promiscuous mode [ 56.015643][ T5942] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 56.031721][ T5945] veth0_vlan: entered promiscuous mode [ 56.041139][ T5947] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 56.048908][ T5945] veth1_vlan: entered promiscuous mode [ 56.060604][ T5949] veth0_macvtap: entered promiscuous mode [ 56.071366][ T5949] veth1_macvtap: entered promiscuous mode [ 56.099626][ T5945] veth0_macvtap: entered promiscuous mode [ 56.102641][ T5942] veth0_vlan: entered promiscuous mode [ 56.105851][ T5947] veth0_vlan: entered promiscuous mode [ 56.109852][ T5949] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 56.115013][ T5945] veth1_macvtap: entered promiscuous mode [ 56.123959][ T5949] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 56.129734][ T5947] veth1_vlan: entered promiscuous mode [ 56.135285][ T5949] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 56.139307][ T5949] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 56.142327][ T5949] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 56.144808][ T5949] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 56.149358][ T5942] veth1_vlan: entered promiscuous mode [ 56.181928][ T5945] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 56.185042][ T5945] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 56.190907][ T5945] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 56.195955][ T5945] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 56.201083][ T5945] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 56.205892][ T5945] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 56.215307][ T5945] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 56.218447][ T5945] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 56.221573][ T5945] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 56.224953][ T5945] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 56.231430][ T5947] veth0_macvtap: entered promiscuous mode [ 56.239396][ T5947] veth1_macvtap: entered promiscuous mode [ 56.267379][ T78] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 56.270149][ T78] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 56.281241][ T5942] veth0_macvtap: entered promiscuous mode [ 56.285614][ T5947] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 56.291174][ T5947] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 56.295141][ T5947] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 56.300754][ T5947] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 56.306591][ T5947] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 56.324034][ T5947] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 56.327638][ T5947] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 56.330852][ T5947] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 56.333799][ T5947] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 56.337617][ T5947] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 56.342812][ T5942] veth1_macvtap: entered promiscuous mode [ 56.347209][ T1236] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 56.349717][ T1236] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 56.358095][ T5942] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 56.361999][ T5942] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 56.365880][ T5942] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 56.370795][ T5942] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 56.374688][ T5942] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 56.379303][ T5942] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 56.384079][ T5942] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 56.389587][ T5942] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 56.392973][ T5942] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 56.397068][ T5942] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 56.401194][ T5942] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 56.404881][ T5942] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 56.411952][ T5942] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 56.417266][ T5942] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 56.420777][ T5947] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 56.424425][ T5947] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 56.428764][ T5947] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 56.432175][ T5947] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 56.433636][ T5949] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 56.450838][ T5942] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 56.454316][ T5942] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 56.457950][ T5942] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 56.461041][ T5942] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 56.484453][ T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 56.487544][ T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 56.512433][ T220] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 56.515550][ T220] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 56.533305][ T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 56.538934][ T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 56.560335][ T1236] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 56.563257][ T1236] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 56.563340][ T220] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 56.572570][ T220] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 56.611855][ T1236] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 56.621905][ T1236] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 56.675845][ T6012] pim6reg: entered allmulticast mode [ 56.687811][ T6012] pim6reg: left allmulticast mode [ 56.791215][ T6019] ======================================================= [ 56.791215][ T6019] WARNING: The mand mount option has been deprecated and [ 56.791215][ T6019] and is ignored by this kernel. Remove the mand [ 56.791215][ T6019] option from the mount to silence this warning. [ 56.791215][ T6019] ======================================================= [ 56.974827][ T6023] program syz.2.3 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 57.056585][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 57.066630][ T0] NOHZ tick-stop error: local softirq work is pending, handler #240!!! [ 57.077049][ T0] NOHZ tick-stop error: local softirq work is pending, handler #208!!! [ 57.414705][ T5988] usb 6-1: new high-speed USB device number 2 using dummy_hcd [ 57.426718][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 57.459292][ T6026] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 57.586508][ T5988] usb 6-1: Using ep0 maxpacket: 16 [ 57.591025][ T5988] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 57.594753][ T5988] usb 6-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 57.598635][ T5988] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 57.611527][ T5988] usb 6-1: config 0 descriptor?? [ 57.676665][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 57.680604][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 57.683988][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 57.687696][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 57.691064][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 57.796467][ T5299] Bluetooth: hci3: command tx timeout [ 57.821043][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 57.877392][ T5299] Bluetooth: hci2: command tx timeout [ 57.879666][ T5299] Bluetooth: hci0: command tx timeout [ 57.886659][ T5952] Bluetooth: hci1: command tx timeout [ 58.477358][ T6019] netlink: 'syz.1.2': attribute type 1 has an invalid length. [ 58.984202][ T6045] Zero length message leads to an empty skb [ 59.103854][ T6046] process 'syz.0.8' launched '/dev/fd/10' with NULL argv: empty string added [ 59.280658][ T6046] netlink: 36 bytes leftover after parsing attributes in process `syz.0.8'. [ 59.350839][ T6048] EXT4-fs (nullb0): VFS: Can't find ext4 filesystem [ 59.886629][ T5952] Bluetooth: hci3: command tx timeout [ 59.957205][ T5952] Bluetooth: hci1: command tx timeout [ 59.960717][ T5952] Bluetooth: hci0: command tx timeout [ 59.963445][ T5952] Bluetooth: hci2: command tx timeout [ 60.650009][ T834] usb 6-1: USB disconnect, device number 2 [ 61.005567][ T6074] vivid-000: ================= START STATUS ================= [ 61.016411][ T6074] vivid-000: Radio HW Seek Mode: Bounded [ 61.024306][ T6074] vivid-000: Radio Programmable HW Seek: false [ 61.028803][ T6074] vivid-000: RDS Rx I/O Mode: Block I/O [ 61.034906][ T6074] vivid-000: Generate RBDS Instead of RDS: false [ 61.038455][ T6074] vivid-000: RDS Reception: true [ 61.040248][ T6074] vivid-000: RDS Program Type: 0 inactive [ 61.042285][ T6074] vivid-000: RDS PS Name: inactive [ 61.044205][ T6074] vivid-000: RDS Radio Text: inactive [ 61.049760][ T6074] vivid-000: RDS Traffic Announcement: false inactive [ 61.051905][ T6074] vivid-000: RDS Traffic Program: false inactive [ 61.053739][ T6074] vivid-000: RDS Music: false inactive [ 61.055602][ T6074] vivid-000: ================== END STATUS ================== [ 61.279596][ T6082] loop7: detected capacity change from 0 to 16384 [ 61.617451][ T6088] loop7: detected capacity change from 16384 to 16383 [ 61.956841][ T5952] Bluetooth: hci3: command tx timeout [ 62.051825][ T5952] Bluetooth: hci2: command tx timeout [ 62.052852][ T5952] Bluetooth: hci0: command tx timeout [ 62.058582][ T5952] Bluetooth: hci1: command tx timeout [ 62.780506][ T39] audit: type=1400 audit(1736110057.547:2): apparmor="DENIED" operation="change_hat" class="file" info="unconfined can not change_hat" error=-1 profile="unconfined" pid=6107 comm="syz.0.21" [ 64.036459][ T5960] Bluetooth: hci3: command 0x0405 tx timeout [ 64.105885][ T6122] syz.0.24 uses obsolete (PF_INET,SOCK_PACKET) [ 64.300762][ T6129] overlayfs: conflicting options: userxattr,metacopy=on [ 65.401820][ T6137] cgroup: fork rejected by pids controller in /syz3 [ 65.674447][ T834] hid-generic 0005:7FFF:0008.0002: hidraw1: BLUETOOTH HID v0.02 Device [syz1] on aa:aa:aa:aa:aa:aa [ 66.155261][ T6182] veth1_macvtap: left promiscuous mode [ 67.318706][ T6203] batman_adv: batadv0: Adding interface: ipvlan2 [ 67.321201][ T6203] batman_adv: batadv0: The MTU of interface ipvlan2 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 67.330704][ T6203] batman_adv: batadv0: Not using interface ipvlan2 (retrying later): interface not active [ 68.263485][ T6211] netdevsim netdevsim2 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 68.267059][ T6211] netdevsim netdevsim2 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 68.270379][ T6211] netdevsim netdevsim2 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 68.273696][ T6211] netdevsim netdevsim2 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 68.305282][ T6211] vxlan0: entered promiscuous mode [ 68.307549][ T6211] vxlan0: entered allmulticast mode [ 68.319475][ T6211] netdevsim netdevsim2 netdevsim0: unset [0, 0] type 1 family 0 port 8472 - 0 [ 68.322816][ T6211] netdevsim netdevsim2 netdevsim1: unset [0, 0] type 1 family 0 port 8472 - 0 [ 68.326223][ T6211] netdevsim netdevsim2 netdevsim2: unset [0, 0] type 1 family 0 port 8472 - 0 [ 68.330551][ T6211] netdevsim netdevsim2 netdevsim3: unset [0, 0] type 1 family 0 port 8472 - 0 [ 69.159605][ T6239] netlink: 'syz.0.41': attribute type 10 has an invalid length. [ 69.486631][ T6239] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 70.562848][ T6241] syz.0.41 (6241): drop_caches: 2 [ 70.930334][ T1411] ieee802154 phy0 wpan0: encryption failed: -22 [ 70.933134][ T1411] ieee802154 phy1 wpan1: encryption failed: -22 [ 71.070237][ T6301] autofs4:pid:6301:check_dev_ioctl_version: ioctl control interface version mismatch: kernel(1.1), user(4294967071.1), cmd(0xc018937e) [ 71.075475][ T6300] autofs4:pid:6300:check_dev_ioctl_version: ioctl control interface version mismatch: kernel(1.1), user(4294967071.1), cmd(0xc018937e) [ 71.083358][ T6300] autofs4:pid:6300:validate_dev_ioctl: invalid device control module version supplied for cmd(0xc018937e) [ 71.089134][ T6301] autofs4:pid:6301:validate_dev_ioctl: invalid device control module version supplied for cmd(0xc018937e) [ 71.093602][ T6301] netlink: 76 bytes leftover after parsing attributes in process `syz.3.48'. [ 71.107372][ T6300] netlink: 76 bytes leftover after parsing attributes in process `syz.3.48'. [ 71.157975][ T6306] netlink: 12 bytes leftover after parsing attributes in process `syz.3.49'. [ 71.663696][ T6324] can0: slcan on ttyS3. [ 72.031024][ T6334] netlink: 4 bytes leftover after parsing attributes in process `syz.2.55'. [ 72.337747][ T6319] can0 (unregistered): slcan off ttyS3. [ 72.616096][ T6356] netlink: 8 bytes leftover after parsing attributes in process `syz.3.60'. [ 72.623793][ T6356] pimreg: entered allmulticast mode [ 72.786446][ T5953] usb 7-1: new high-speed USB device number 2 using dummy_hcd [ 72.939780][ T5953] usb 7-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 72.943291][ T5953] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 72.946960][ T5953] usb 7-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 72.954268][ T5953] usb 7-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 72.958045][ T5953] usb 7-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 72.961262][ T5953] usb 7-1: Product: syz [ 72.963180][ T5953] usb 7-1: Manufacturer: syz [ 72.971893][ T5953] cdc_wdm 7-1:1.0: skipping garbage [ 72.974183][ T5953] cdc_wdm 7-1:1.0: probe with driver cdc_wdm failed with error -22 [ 73.477670][ T6364] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 73.486704][ T6364] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 73.528520][ T6365] netlink: 24 bytes leftover after parsing attributes in process `syz.1.62'. [ 73.532021][ T6365] netlink: 'syz.1.62': attribute type 2 has an invalid length. [ 73.534811][ T6365] netlink: 'syz.1.62': attribute type 3 has an invalid length. [ 73.538409][ T6365] netlink: 24 bytes leftover after parsing attributes in process `syz.1.62'. [ 73.555337][ T6365] trusted_key: encrypted_key: insufficient parameters specified [ 74.242776][ T6383] netlink: 'syz.3.68': attribute type 1 has an invalid length. [ 74.245864][ T6383] netlink: 224 bytes leftover after parsing attributes in process `syz.3.68'. [ 74.302275][ T6386] netlink: 'syz.3.68': attribute type 2 has an invalid length. [ 74.449752][ T6386] team0 (unregistering): Port device team_slave_0 removed [ 74.455601][ T6386] team0 (unregistering): Port device team_slave_1 removed [ 74.576605][ T6392] ref_tracker: memory allocation failure, unreliable refcount tracker. [ 74.714670][ T6403] netlink: 8 bytes leftover after parsing attributes in process `syz.0.73'. [ 74.992112][ T6403] team0 (unregistering): Port device team_slave_0 removed [ 75.002218][ T6403] team0 (unregistering): Port device team_slave_1 removed [ 75.863853][ T30] usb 7-1: USB disconnect, device number 2 [ 75.879432][ T6419] hsr0: entered promiscuous mode [ 75.926141][ T6424] ip6gretap0: entered promiscuous mode [ 75.938802][ T6426] random: crng reseeded on system resumption [ 75.997607][ T6431] netlink: 16 bytes leftover after parsing attributes in process `syz.1.82'. [ 76.033594][ T6426] Restarting kernel threads ... done. [ 76.126671][ T6442] capability: warning: `syz.1.86' uses deprecated v2 capabilities in a way that may be insecure [ 76.139124][ T6442] mmap: syz.1.86 (6442) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 77.279394][ T6465] FAULT_INJECTION: forcing a failure. [ 77.279394][ T6465] name failslab, interval 1, probability 0, space 0, times 0 [ 77.284599][ T6465] CPU: 2 UID: 0 PID: 6465 Comm: syz.1.90 Not tainted 6.13.0-rc5-syzkaller-00163-gab75170520d4 #0 [ 77.288763][ T6465] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 77.293082][ T6465] Call Trace: [ 77.294429][ T6465] [ 77.295642][ T6465] dump_stack_lvl+0x16c/0x1f0 [ 77.297556][ T6465] should_fail_ex+0x497/0x5b0 [ 77.299483][ T6465] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 77.301857][ T6465] should_failslab+0xc2/0x120 [ 77.303771][ T6465] kmem_cache_alloc_node_noprof+0x72/0x3b0 [ 77.306136][ T6465] ? __alloc_skb+0x2b3/0x380 [ 77.307965][ T6465] __alloc_skb+0x2b3/0x380 [ 77.309583][ T6465] ? __pfx___alloc_skb+0x10/0x10 [ 77.311477][ T6465] ? rt6_nlmsg_size+0xb0/0x450 [ 77.313436][ T6465] ? fib6_nh_age_exceptions.part.0+0xcf0/0xcf0 [ 77.315917][ T6465] ? fib6_add_1+0xc84/0x1810 [ 77.317801][ T6465] inet6_rt_notify+0xc7/0x260 [ 77.319745][ T6465] fib6_add+0x251d/0x4b20 [ 77.321516][ T6465] ? __pfx_fib6_add+0x10/0x10 [ 77.323407][ T6465] ? do_raw_spin_lock+0x12d/0x2c0 [ 77.325430][ T6465] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 77.327579][ T6465] ? lock_acquire+0x2f/0xb0 [ 77.329525][ T6465] ? ip6_route_add+0x7b/0x1c0 [ 77.331383][ T6465] ? ip6_route_add+0x8d/0x1c0 [ 77.333273][ T6465] ip6_route_add+0x8d/0x1c0 [ 77.335104][ T6465] addrconf_prefix_route+0x2fe/0x510 [ 77.337183][ T6465] ? __pfx_addrconf_prefix_route+0x10/0x10 [ 77.339530][ T6465] ? atomic_notifier_call_chain+0xa8/0x1c0 [ 77.341868][ T6465] ? ipv6_generate_stable_address+0x2cf/0x630 [ 77.344277][ T6465] addrconf_add_linklocal+0x32a/0x620 [ 77.346432][ T6465] ? __local_bh_enable_ip+0xa4/0x120 [ 77.348441][ T6465] ? __pfx_addrconf_add_linklocal+0x10/0x10 [ 77.350533][ T6465] ? ipv6_generate_stable_address+0x2cf/0x630 [ 77.352691][ T6465] ? __local_bh_enable_ip+0xa4/0x120 [ 77.354571][ T6465] addrconf_addr_gen+0x34f/0x3d0 [ 77.356350][ T6465] ? __pfx_addrconf_addr_gen+0x10/0x10 [ 77.358412][ T6465] ? addrconf_init_auto_addrs+0x446/0x820 [ 77.360460][ T6465] addrconf_init_auto_addrs+0x446/0x820 [ 77.362679][ T6465] addrconf_notify+0xe91/0x19c0 [ 77.364652][ T6465] notifier_call_chain+0xb7/0x410 [ 77.366637][ T6465] ? __pfx_addrconf_notify+0x10/0x10 [ 77.368749][ T6465] call_netdevice_notifiers_info+0xbe/0x140 [ 77.371143][ T6465] __dev_notify_flags+0x12d/0x2e0 [ 77.373192][ T6465] ? __pfx___dev_notify_flags+0x10/0x10 [ 77.375388][ T6465] ? __pfx___dev_change_flags+0x10/0x10 [ 77.377568][ T6465] ? apparmor_capable+0x114/0x1d0 [ 77.379587][ T6465] dev_change_flags+0x10c/0x160 [ 77.381542][ T6465] devinet_ioctl+0x11d7/0x1f40 [ 77.383467][ T6465] ? __pfx_devinet_ioctl+0x10/0x10 [ 77.385525][ T6465] ? _copy_from_user+0x59/0xd0 [ 77.387452][ T6465] inet_ioctl+0x3aa/0x3f0 [ 77.389197][ T6465] ? __pfx_inet_ioctl+0x10/0x10 [ 77.391194][ T6465] packet_ioctl+0xb3/0x280 [ 77.392956][ T6465] sock_do_ioctl+0x116/0x280 [ 77.394810][ T6465] ? __pfx_sock_do_ioctl+0x10/0x10 [ 77.396871][ T6465] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 77.398882][ T6465] compat_sock_ioctl+0x318/0x7e0 [ 77.400917][ T6465] ? __pfx_compat_sock_ioctl+0x10/0x10 [ 77.403034][ T6465] ? __fget_files+0x206/0x3a0 [ 77.404743][ T6465] ? __pfx_compat_sock_ioctl+0x10/0x10 [ 77.406906][ T6465] __do_compat_sys_ioctl+0x1cb/0x2c0 [ 77.409014][ T6465] __do_fast_syscall_32+0x73/0x120 [ 77.411086][ T6465] do_fast_syscall_32+0x32/0x80 [ 77.413046][ T6465] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 77.415572][ T6465] RIP: 0023:0xf7f57579 [ 77.417217][ T6465] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 77.424853][ T6465] RSP: 002b:00000000f502055c EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 77.428100][ T6465] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000008914 [ 77.431338][ T6465] RDX: 0000000020000180 RSI: 0000000000000000 RDI: 0000000000000000 [ 77.434484][ T6465] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 77.437604][ T6465] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 77.441262][ T6465] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 77.444727][ T6465] [ 78.056563][ T30] usb 7-1: new high-speed USB device number 3 using dummy_hcd [ 78.206469][ T30] usb 7-1: Using ep0 maxpacket: 8 [ 78.211412][ T30] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 78.216033][ T30] usb 7-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 78.220322][ T30] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 78.225671][ T30] usb 7-1: config 0 descriptor?? [ 78.331422][ T6480] x_tables: duplicate underflow at hook 2 [ 78.436020][ T30] iowarrior 7-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0 [ 78.614708][ T6487] netlink: 'syz.3.96': attribute type 11 has an invalid length. [ 78.640524][ T6007] usb 7-1: USB disconnect, device number 3 [ 79.180797][ T39] audit: type=1326 audit(1736110073.947:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6488 comm="syz.0.97" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc2579 code=0x7ffc0000 [ 79.191436][ T39] audit: type=1326 audit(1736110073.947:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6488 comm="syz.0.97" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc2579 code=0x7ffc0000 [ 79.203110][ T39] audit: type=1326 audit(1736110073.947:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6488 comm="syz.0.97" exe="/syz-executor" sig=0 arch=40000003 syscall=5 compat=1 ip=0xf7fc2579 code=0x7ffc0000 [ 79.211631][ T39] audit: type=1326 audit(1736110073.947:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6488 comm="syz.0.97" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc2579 code=0x7ffc0000 [ 79.221229][ T39] audit: type=1326 audit(1736110073.947:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6488 comm="syz.0.97" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc2579 code=0x7ffc0000 [ 79.235215][ T39] audit: type=1326 audit(1736110073.957:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6488 comm="syz.0.97" exe="/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf7fc2579 code=0x7ffc0000 [ 79.246575][ T39] audit: type=1326 audit(1736110073.957:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6488 comm="syz.0.97" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc2579 code=0x7ffc0000 [ 79.255478][ T39] audit: type=1326 audit(1736110073.957:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6488 comm="syz.0.97" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc2579 code=0x7ffc0000 [ 79.274565][ T39] audit: type=1326 audit(1736110073.957:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6488 comm="syz.0.97" exe="/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf7fc2579 code=0x7ffc0000 [ 79.283408][ T39] audit: type=1326 audit(1736110073.967:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6488 comm="syz.0.97" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc2579 code=0x7ffc0000 [ 79.437878][ T6496] loop2: detected capacity change from 0 to 7 [ 79.453941][ T6496] Dev loop2: unable to read RDB block 7 [ 79.456755][ T6496] loop2: unable to read partition table [ 79.462527][ T6496] loop2: partition table beyond EOD, truncated [ 79.471825][ T6496] loop_reread_partitions: partition scan of loop2 (被x ) failed (rc=-5) [ 79.731928][ T6503] __nla_validate_parse: 3 callbacks suppressed [ 79.731948][ T6503] netlink: 4 bytes leftover after parsing attributes in process `syz.0.100'. [ 79.738455][ T6503] bridge_slave_1: left allmulticast mode [ 79.740953][ T6503] bridge_slave_1: left promiscuous mode [ 79.748925][ T6503] bridge0: port 2(bridge_slave_1) entered disabled state [ 79.759310][ T6503] bridge_slave_0: left allmulticast mode [ 79.761620][ T6503] bridge_slave_0: left promiscuous mode [ 79.764012][ T6503] bridge0: port 1(bridge_slave_0) entered disabled state [ 80.806503][ T6537] syzkaller0: entered promiscuous mode [ 80.809338][ T6537] syzkaller0: entered allmulticast mode [ 80.897152][ T6542] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 81.158877][ T1470] cfg80211: failed to load regulatory.db [ 81.328547][ T6542] syz.3.111 (6542): drop_caches: 2 [ 81.461184][ T6547] xt_NFQUEUE: number of total queues is 0 [ 81.736111][ T6551] netlink: 187320 bytes leftover after parsing attributes in process `syz.3.113'. [ 81.741603][ T6551] netlink: zone id is out of range [ 81.743793][ T6551] netlink: zone id is out of range [ 81.745947][ T6551] netlink: zone id is out of range [ 81.748304][ T6551] netlink: zone id is out of range [ 81.750536][ T6551] netlink: zone id is out of range [ 81.752832][ T6551] netlink: zone id is out of range [ 81.754929][ T6551] netlink: zone id is out of range [ 81.757167][ T6551] netlink: zone id is out of range [ 81.759165][ T6551] netlink: zone id is out of range [ 81.761218][ T6551] netlink: zone id is out of range [ 82.962023][ T6559] netlink: 'syz.1.115': attribute type 1 has an invalid length. [ 82.964961][ T6559] netlink: 224 bytes leftover after parsing attributes in process `syz.1.115'. [ 83.096598][ T6563] FAULT_INJECTION: forcing a failure. [ 83.096598][ T6563] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 83.100720][ T6563] CPU: 2 UID: 0 PID: 6563 Comm: syz.2.117 Not tainted 6.13.0-rc5-syzkaller-00163-gab75170520d4 #0 [ 83.103832][ T6563] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 83.106895][ T6563] Call Trace: [ 83.107870][ T6563] [ 83.108767][ T6563] dump_stack_lvl+0x16c/0x1f0 [ 83.110166][ T6563] should_fail_ex+0x497/0x5b0 [ 83.111542][ T6563] _copy_to_user+0x32/0xd0 [ 83.112851][ T6563] simple_read_from_buffer+0xd0/0x160 [ 83.114559][ T6563] proc_fail_nth_read+0x198/0x270 [ 83.116065][ T6563] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 83.117506][ T6563] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 83.119033][ T6563] vfs_read+0x1df/0xbe0 [ 83.120274][ T6563] ? __fget_files+0x1fc/0x3a0 [ 83.121653][ T6563] ? __pfx___mutex_lock+0x10/0x10 [ 83.123103][ T6563] ? __pfx_vfs_read+0x10/0x10 [ 83.124930][ T6563] ? __fget_files+0x206/0x3a0 [ 83.126574][ T6563] ksys_read+0x12b/0x250 [ 83.127991][ T6563] ? __pfx_ksys_read+0x10/0x10 [ 83.129472][ T6563] __do_fast_syscall_32+0x73/0x120 [ 83.131340][ T6563] do_fast_syscall_32+0x32/0x80 [ 83.133206][ T6563] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 83.135567][ T6563] RIP: 0023:0xf712e579 [ 83.136905][ T6563] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 83.144293][ T6563] RSP: 002b:00000000f5120590 EFLAGS: 00000293 ORIG_RAX: 0000000000000003 [ 83.147615][ T6563] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 00000000f5120620 [ 83.150177][ T6563] RDX: 000000000000000f RSI: 00000000f7463ff4 RDI: 0000000000000000 [ 83.152541][ T6563] RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000000 [ 83.154829][ T6563] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000 [ 83.157554][ T6563] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 83.160749][ T6563] [ 83.204382][ T6567] netlink: 8 bytes leftover after parsing attributes in process `syz.1.118'. [ 84.657228][ T9] hid-generic 0005:7FFF:0008.0003: hidraw1: BLUETOOTH HID v0.02 Device [syz1] on aa:aa:aa:aa:aa:aa [ 84.723453][ T6635] Driver unsupported XDP return value 0 on prog (id 32) dev N/A, expect packet loss! [ 84.760775][ T6637] affs: No valid root block on device nbd3 [ 85.316667][ T57] usb 8-1: new high-speed USB device number 2 using dummy_hcd [ 85.429631][ T6651] netlink: 8 bytes leftover after parsing attributes in process `syz.1.128'. [ 85.466668][ T57] usb 8-1: Using ep0 maxpacket: 16 [ 85.471803][ T6653] fuse: Unknown parameter 'uid>00000000000000000000' [ 85.474782][ T6653] fuse: Unknown parameter 'uid>00000000000000000000' [ 85.494581][ T57] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x83 has invalid wMaxPacketSize 0 [ 85.502514][ T57] usb 8-1: New USB device found, idVendor=134c, idProduct=0002, bcdDevice=ec.7e [ 85.506482][ T57] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 85.509695][ T57] usb 8-1: Product: syz [ 85.511423][ T57] usb 8-1: Manufacturer: syz [ 85.513352][ T57] usb 8-1: SerialNumber: syz [ 85.517505][ T57] usb 8-1: config 0 descriptor?? [ 85.520957][ T57] hub 8-1:0.0: bad descriptor, ignoring hub [ 85.523353][ T57] hub 8-1:0.0: probe with driver hub failed with error -5 [ 85.531579][ T57] input: syz syz as /devices/platform/dummy_hcd.3/usb8/8-1/8-1:0.0/input/input5 [ 86.041505][ T6669] 9pnet_virtio: no channels available for device syz [ 86.165891][ T6668] netlink: 72 bytes leftover after parsing attributes in process `syz.2.133'. [ 87.926751][ T57] usb 6-1: new high-speed USB device number 3 using dummy_hcd [ 88.088168][ T57] usb 6-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 88.091354][ T57] usb 6-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 88.094991][ T57] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 88.101624][ T57] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 55, changing to 9 [ 88.105596][ T57] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8496, setting to 1024 [ 88.111608][ T57] usb 6-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 88.114866][ T57] usb 6-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 88.122178][ T57] usb 6-1: Product: syz [ 88.123753][ T57] usb 6-1: Manufacturer: syz [ 88.129897][ T57] cdc_wdm 6-1:1.0: skipping garbage [ 88.131838][ T57] cdc_wdm 6-1:1.0: skipping garbage [ 88.135062][ T57] cdc_wdm 6-1:1.0: cdc-wdm0: USB WDM device [ 88.140962][ T57] cdc_wdm 6-1:1.0: Unknown control protocol [ 88.206820][ T30] usb 8-1: USB disconnect, device number 2 [ 88.446436][ C3] cdc_wdm 6-1:1.0: nonzero urb status received: -71 [ 88.449149][ C3] cdc_wdm 6-1:1.0: wdm_int_callback - 0 bytes [ 88.453830][ C3] cdc_wdm 6-1:1.0: nonzero urb status received: -71 [ 88.456304][ C3] cdc_wdm 6-1:1.0: wdm_int_callback - 0 bytes [ 88.458756][ C3] cdc_wdm 6-1:1.0: nonzero urb status received: -71 [ 88.461204][ C3] cdc_wdm 6-1:1.0: wdm_int_callback - 0 bytes [ 88.463655][ C3] cdc_wdm 6-1:1.0: nonzero urb status received: -71 [ 88.466063][ C3] cdc_wdm 6-1:1.0: wdm_int_callback - 0 bytes [ 88.468483][ C3] cdc_wdm 6-1:1.0: nonzero urb status received: -71 [ 88.470875][ C3] cdc_wdm 6-1:1.0: wdm_int_callback - 0 bytes [ 88.473319][ C3] cdc_wdm 6-1:1.0: nonzero urb status received: -71 [ 88.475758][ C3] cdc_wdm 6-1:1.0: wdm_int_callback - 0 bytes [ 88.487271][ C3] cdc_wdm 6-1:1.0: nonzero urb status received: -71 [ 88.489723][ C3] cdc_wdm 6-1:1.0: wdm_int_callback - 0 bytes [ 88.492183][ C3] cdc_wdm 6-1:1.0: nonzero urb status received: -71 [ 88.494742][ C3] cdc_wdm 6-1:1.0: wdm_int_callback - 0 bytes [ 88.497267][ C3] cdc_wdm 6-1:1.0: nonzero urb status received: -71 [ 88.499707][ C3] cdc_wdm 6-1:1.0: wdm_int_callback - 0 bytes [ 88.502162][ C3] cdc_wdm 6-1:1.0: nonzero urb status received: -71 [ 88.504579][ C3] cdc_wdm 6-1:1.0: wdm_int_callback - 0 bytes [ 88.539536][ T57] usb 6-1: USB disconnect, device number 3 [ 88.541780][ C3] cdc_wdm 6-1:1.0: wdm_int_callback - usb_submit_urb failed with result -19 [ 88.650251][ T9] libceph: connect (1)[c::]:6789 error -101 [ 88.653133][ T9] libceph: mon0 (1)[c::]:6789 connect error [ 88.793993][ T6708] ceph: No mds server is up or the cluster is laggy [ 88.922727][ T6718] netlink: 4 bytes leftover after parsing attributes in process `syz.3.143'. [ 89.486667][ T57] usb 6-1: new high-speed USB device number 4 using dummy_hcd [ 89.510656][ T39] kauditd_printk_skb: 30 callbacks suppressed [ 89.510670][ T39] audit: type=1326 audit(1736110084.277:43): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6721 comm="syz.3.144" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7f74579 code=0x80000000 [ 89.659876][ T57] usb 6-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 89.662438][ T57] usb 6-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 89.665380][ T57] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 89.669517][ T57] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 55, changing to 9 [ 89.678507][ T57] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8496, setting to 1024 [ 89.684006][ T57] usb 6-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 89.687699][ T57] usb 6-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 89.690868][ T57] usb 6-1: Product: syz [ 89.692099][ T57] usb 6-1: Manufacturer: syz [ 89.698127][ T57] cdc_wdm 6-1:1.0: skipping garbage [ 89.699788][ T57] cdc_wdm 6-1:1.0: skipping garbage [ 89.704047][ T57] cdc_wdm 6-1:1.0: cdc-wdm0: USB WDM device [ 89.705764][ T57] cdc_wdm 6-1:1.0: Unknown control protocol [ 89.920281][ T5990] usb 6-1: USB disconnect, device number 4 [ 90.056526][ T30] usb 7-1: new high-speed USB device number 4 using dummy_hcd [ 90.206505][ T30] usb 7-1: Using ep0 maxpacket: 8 [ 90.212378][ T30] usb 7-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 90.223709][ T30] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 90.233084][ T30] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 100, changing to 10 [ 90.240644][ T30] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 24936, setting to 1024 [ 90.245246][ T30] usb 7-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 90.249218][ T30] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 90.255731][ T30] hub 7-1:1.0: bad descriptor, ignoring hub [ 90.258908][ T30] hub 7-1:1.0: probe with driver hub failed with error -5 [ 90.262133][ T30] cdc_wdm 7-1:1.0: skipping garbage [ 90.264227][ T30] cdc_wdm 7-1:1.0: skipping garbage [ 90.268371][ T30] cdc_wdm 7-1:1.0: cdc-wdm0: USB WDM device [ 90.270916][ T30] cdc_wdm 7-1:1.0: Unknown control protocol [ 90.299837][ T6730] overlayfs: upper fs does not support RENAME_WHITEOUT. [ 90.304658][ T6730] overlayfs: failed to set xattr on upper [ 90.307230][ T6730] overlayfs: ...falling back to redirect_dir=nofollow. [ 90.310260][ T6730] overlayfs: ...falling back to index=off. [ 90.312796][ T6730] overlayfs: ...falling back to uuid=null. [ 91.126451][ T6007] usb 8-1: new low-speed USB device number 3 using dummy_hcd [ 91.178772][ T6726] usb 7-1: reset high-speed USB device number 4 using dummy_hcd [ 91.276572][ T6007] usb 8-1: Invalid ep0 maxpacket: 16 [ 91.306651][ T6726] usb 7-1: device descriptor read/64, error -71 [ 91.406715][ T6007] usb 8-1: new low-speed USB device number 4 using dummy_hcd [ 91.546494][ T6726] usb 7-1: reset high-speed USB device number 4 using dummy_hcd [ 91.556610][ T6007] usb 8-1: Invalid ep0 maxpacket: 16 [ 91.558310][ T6007] usb usb8-port1: attempt power cycle [ 91.676553][ T6726] usb 7-1: device descriptor read/64, error -71 [ 91.874653][ T6762] usb 2-1: USB disconnect, device number 2 [ 91.896570][ T6007] usb 8-1: new low-speed USB device number 5 using dummy_hcd [ 91.932103][ T6007] usb 8-1: Invalid ep0 maxpacket: 16 [ 91.936649][ T6726] usb 7-1: reset high-speed USB device number 4 using dummy_hcd [ 91.967037][ T6726] usb 7-1: device descriptor read/8, error -71 [ 92.057755][ T6763] hub 2-0:1.0: USB hub found [ 92.059796][ T6763] hub 2-0:1.0: 6 ports detected [ 92.077204][ T6007] usb 8-1: new low-speed USB device number 6 using dummy_hcd [ 92.131382][ T6007] usb 8-1: Invalid ep0 maxpacket: 16 [ 92.133641][ T6007] usb usb8-port1: unable to enumerate USB device [ 92.216783][ T6726] usb 7-1: reset high-speed USB device number 4 using dummy_hcd [ 92.226398][ T30] usb 2-1: new high-speed USB device number 3 using ehci-pci [ 92.247564][ T6726] usb 7-1: device descriptor read/8, error -71 [ 92.364463][ T9] usb 7-1: USB disconnect, device number 4 [ 92.367075][ T6726] cdc_wdm 7-1:1.0: Error autopm - -16 [ 92.431195][ T30] usb 2-1: New USB device found, idVendor=0627, idProduct=0001, bcdDevice= 0.00 [ 92.434795][ T30] usb 2-1: New USB device strings: Mfr=1, Product=3, SerialNumber=10 [ 92.438748][ T30] usb 2-1: Product: QEMU USB Tablet [ 92.440747][ T30] usb 2-1: Manufacturer: QEMU [ 92.442191][ T30] usb 2-1: SerialNumber: 28754-0000:00:1d.7-1 [ 92.479670][ T30] input: QEMU QEMU USB Tablet as /devices/pci0000:00/0000:00:1d.7/usb2/2-1/2-1:1.0/0003:0627:0001.0004/input/input6 [ 92.506476][ T9] usb 7-1: new high-speed USB device number 5 using dummy_hcd [ 92.557255][ T30] hid-generic 0003:0627:0001.0004: input,hidraw0: USB HID v0.01 Mouse [QEMU QEMU USB Tablet] on usb-0000:00:1d.7-1/input0 [ 92.636735][ T9] usb 7-1: device descriptor read/64, error -71 [ 92.884439][ T6769] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci3/hci3:200/input7 [ 92.921757][ T6772] netlink: 236 bytes leftover after parsing attributes in process `syz.1.155'. [ 93.349754][ T6775] overlayfs: missing 'lowerdir' [ 93.355268][ T6775] lo speed is unknown, defaulting to 1000 [ 93.363936][ T6775] lo speed is unknown, defaulting to 1000 [ 93.367514][ T6775] lo speed is unknown, defaulting to 1000 [ 93.433393][ T6775] infiniband sz1: set active [ 93.435378][ T6775] infiniband sz1: added lo [ 93.443190][ T30] lo speed is unknown, defaulting to 1000 [ 93.464231][ T6775] RDS/IB: sz1: added [ 93.466437][ T6775] smc: adding ib device sz1 with port count 1 [ 93.468975][ T6775] smc: ib device sz1 port 1 has pnetid [ 93.474181][ T6775] lo speed is unknown, defaulting to 1000 [ 93.544166][ T6775] lo speed is unknown, defaulting to 1000 [ 93.562541][ T30] lo speed is unknown, defaulting to 1000 [ 93.798433][ T6775] lo speed is unknown, defaulting to 1000 [ 94.001052][ T6793] overlayfs: conflicting options: nfs_export=on,metacopy=on [ 94.070129][ T6775] lo speed is unknown, defaulting to 1000 [ 94.505814][ T6803] netlink: 4 bytes leftover after parsing attributes in process `syz.1.164'. [ 94.509829][ T6803] bridge_slave_1: left allmulticast mode [ 94.512284][ T6803] bridge_slave_1: left promiscuous mode [ 94.515319][ T6803] bridge0: port 2(bridge_slave_1) entered disabled state [ 94.727181][ T6803] bridge_slave_0: left allmulticast mode [ 94.729769][ T6803] bridge_slave_0: left promiscuous mode [ 94.737274][ T6803] bridge0: port 1(bridge_slave_0) entered disabled state [ 95.146408][ T5990] usb 7-1: new high-speed USB device number 7 using dummy_hcd [ 95.276478][ T5990] usb 7-1: device descriptor read/64, error -71 [ 95.516445][ T5990] usb 7-1: new high-speed USB device number 8 using dummy_hcd [ 95.646406][ T5990] usb 7-1: device descriptor read/64, error -71 [ 95.756739][ T5990] usb usb7-port1: attempt power cycle [ 96.099780][ T5990] usb 7-1: new high-speed USB device number 9 using dummy_hcd [ 96.129424][ T5990] usb 7-1: device descriptor read/8, error -71 [ 96.322776][ T6832] binder: 6830:6832 ioctl c0306201 200003c0 returned -14 [ 96.386443][ T5990] usb 7-1: new high-speed USB device number 10 using dummy_hcd [ 96.416878][ T5990] usb 7-1: device descriptor read/8, error -71 [ 96.526736][ T5990] usb usb7-port1: unable to enumerate USB device [ 97.937694][ T6869] bridge0: port 3(ip6gretap0) entered blocking state [ 97.940883][ T6869] bridge0: port 3(ip6gretap0) entered disabled state [ 97.945437][ T6869] ip6gretap0: entered allmulticast mode [ 97.949957][ T6869] ip6gretap0: entered promiscuous mode [ 97.953265][ T6869] bridge0: port 3(ip6gretap0) entered blocking state [ 97.956467][ T6869] bridge0: port 3(ip6gretap0) entered forwarding state [ 98.077840][ T6875] netlink: 'syz.1.179': attribute type 11 has an invalid length. [ 98.497132][ T6893] netlink: 12 bytes leftover after parsing attributes in process `syz.3.181'. [ 98.933759][ T6899] netlink: 32 bytes leftover after parsing attributes in process `syz.1.183'. [ 99.444031][ T6920] overlayfs: failed to resolve './file1': -2 [ 99.578868][ T6931] netlink: 'syz.2.190': attribute type 1 has an invalid length. [ 99.643452][ T6933] lo speed is unknown, defaulting to 1000 [ 99.681680][ T39] audit: type=1800 audit(1736110094.447:44): pid=6939 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.192" name="bus" dev="overlay" ino=262 res=0 errno=0 [ 99.717968][ T39] audit: type=1804 audit(1736110094.467:45): pid=6939 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.192" name="/newroot/44/bus/bus" dev="overlay" ino=262 res=1 errno=0 [ 100.251287][ T6963] netlink: 16 bytes leftover after parsing attributes in process `syz.1.199'. [ 101.566400][ T39] audit: type=1326 audit(1736110096.327:46): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6980 comm="syz.1.202" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7f57579 code=0x0 [ 101.884021][ T6986] delete_channel: no stack [ 101.892453][ T6985] tipc: Started in network mode [ 101.894328][ T6985] tipc: Node identity 6, cluster identity 4711 [ 101.897078][ T6985] tipc: Node number set to 6 [ 101.975352][ T6990] netlink: 'syz.0.204': attribute type 1 has an invalid length. [ 101.980425][ T6990] netlink: 'syz.0.204': attribute type 1 has an invalid length. [ 102.166819][ T6997] netlink: 56 bytes leftover after parsing attributes in process `syz.0.206'. [ 102.295471][ T7003] lo speed is unknown, defaulting to 1000 [ 103.863160][ T30] IPVS: starting estimator thread 0... [ 103.956637][ T7033] IPVS: using max 21 ests per chain, 50400 per kthread [ 104.768717][ T7085] net_ratelimit: 75 callbacks suppressed [ 104.768734][ T7085] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 106.051362][ T7113] lo speed is unknown, defaulting to 1000 [ 106.287676][ T5299] Bluetooth: hci3: unexpected event for opcode 0x0c2d [ 106.298192][ T7125] Invalid logical block size (85) [ 106.402903][ T7131] overlayfs: unescaped trailing colons in lowerdir mount option. [ 106.486388][ T39] audit: type=1804 audit(1736110101.247:47): pid=7132 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.228" name="/newroot/58/bus/bus" dev="overlay" ino=330 res=1 errno=0 [ 106.502824][ T39] audit: type=1800 audit(1736110101.267:48): pid=7132 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.228" name="file1" dev="overlay" ino=331 res=0 errno=0 [ 106.520011][ T7132] evm: overlay not supported [ 106.940602][ T7136] vimc link validate: Scaler:src:640x480 (0x33424752, 8, 0, 0, 0) RGB/YUV Capture:snk:640x480 (0x33424752, 8, 0, 0, 0) [ 108.100046][ T7146] netlink: 8 bytes leftover after parsing attributes in process `syz.2.232'. [ 109.068145][ T7154] netlink: 8 bytes leftover after parsing attributes in process `syz.2.234'. [ 109.404151][ T7160] [U] [ 109.405477][ T7160] [U] [ 109.406575][ T7160] [U] [ 109.407645][ T7160] [U] [ 109.409636][ T7160] [U] [ 109.410721][ T7160] [U] [ 109.411838][ T7160] [U] [ 109.412933][ T7160] [U] [ 109.415672][ T7160] [U] [ 109.416836][ T7160] [U] [ 109.417902][ T7160] [U] [ 109.418975][ T7160] [U] [ 109.421630][ T7160] [U] [ 109.422762][ T7160] [U] [ 109.423849][ T7160] [U] [ 109.424938][ T7160] [U] [ 109.426157][ T7160] [U] [ 109.427238][ T7160] [U] [ 109.428739][ T7160] [U] [ 109.429819][ T7160] [U] [ 109.431030][ T7160] [U] [ 109.432099][ T7160] [U] [ 109.433174][ T7160] [U] [ 109.434317][ T7160] [U] [ 109.435536][ T7160] [U] [ 109.436703][ T7160] [U] [ 109.437813][ T7160] [U] [ 109.438914][ T7160] [U] [ 109.440243][ T7160] [U] [ 109.441366][ T7160] [U] [ 109.442459][ T7160] [U] [ 109.443542][ T7160] [U] [ 109.444811][ T7160] [U] [ 109.445917][ T7160] [U] [ 109.446992][ T7160] [U] [ 109.448023][ T7160] [U] [ 109.449227][ T7160] [U] [ 109.450291][ T7160] [U] [ 109.451363][ T7160] [U] [ 109.452403][ T7160] [U] [ 109.453583][ T7160] [U] [ 109.454601][ T7160] [U] [ 109.455664][ T7160] [U] [ 109.456787][ T7160] [U] [ 109.458338][ T7160] [U] [ 109.458503][ T7161] netlink: 12 bytes leftover after parsing attributes in process `syz.1.236'. [ 109.459438][ T7160] [U] [ 109.464142][ T7160] [U] [ 109.465225][ T7160] [U] [ 109.466623][ T7160] [U] [ 109.467320][ T7161] infiniband sz1: set active [ 109.467701][ T7160] [U] [ 109.467731][ T7160] [U] [ 109.471703][ T7160] [U] [ 109.472889][ T7160] [U] [ 109.473995][ T7160] [U] [ 109.475120][ T7160] [U] [ 109.476186][ T7160] [U] [ 109.477523][ T7160] [U] [ 109.478604][ T7160] [U] [ 109.479712][ T7160] [U] [ 109.480885][ T7160] [U] [ 109.481030][ T7160] [U] [ 109.483144][ T7160] [U] [ 109.484258][ T7160] [U] [ 109.485367][ T7160] [U] [ 109.486866][ T7160] [U] [ 109.487927][ T7160] [U] [ 109.487958][ T7160] [U] [ 109.490609][ T7160] [U] [ 109.490719][ T7160] [U] [ 109.491831][ T7161] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 109.492836][ T7160] [U] [ 109.500083][ T5987] lo speed is unknown, defaulting to 1000 [ 109.502369][ T7160] [U] [ 109.503503][ T7160] [U] [ 109.504837][ T7160] [U] [ 109.505993][ T7160] [U] [ 109.507136][ T7160] [U] [ 109.508231][ T7160] [U] [ 109.509621][ T7160] [U] [ 109.510729][ T7160] [U] [ 109.511822][ T7160] [U] [ 109.512915][ T7160] [U] [ 109.514245][ T7160] [U] [ 109.515359][ T7160] [U] [ 109.516483][ T7160] [U] [ 109.517573][ T7160] [U] [ 109.518946][ T7160] [U] [ 109.520042][ T7160] [U] [ 109.521612][ T7160] [U] [ 109.522731][ T7160] [U] [ 109.523968][ T7160] [U] [ 109.525137][ T7160] [U] [ 109.526260][ T7160] [U] [ 109.527374][ T7160] [U] [ 109.528631][ T7160] [U] [ 109.529751][ T7160] [U] [ 109.530837][ T7160] [U] [ 109.531925][ T7160] [U] [ 109.533178][ T7160] [U] [ 109.534305][ T7160] [U] [ 109.535421][ T7160] [U] [ 109.536553][ T7160] [U] [ 109.537770][ T7160] [U] [ 109.538855][ T7160] [U] [ 109.540016][ T7160] [U] [ 109.541112][ T7160] [U] [ 109.542315][ T7160] [U] [ 109.543385][ T7160] [U] [ 109.544471][ T7160] [U] [ 109.545530][ T7160] [U] [ 109.546774][ T7160] [U] [ 109.547838][ T7160] [U] [ 109.548887][ T7160] [U] [ 109.549960][ T7160] [U] [ 109.551117][ T7160] [U] [ 109.552246][ T7160] [U] [ 109.553325][ T7160] [U] [ 109.554866][ T7160] [U] [ 109.556045][ T7160] [U] [ 109.557184][ T7160] [U] [ 109.558264][ T7160] [U] [ 109.559390][ T7160] [U] [ 109.560759][ T7160] [U] [ 109.561859][ T7160] [U] [ 109.562986][ T7160] [U] [ 109.564095][ T7160] [U] [ 109.565303][ T7160] [U] [ 109.566434][ T7160] [U] [ 109.567563][ T7160] [U] [ 109.574855][ T7159] [U] [ 109.636492][ T5299] Bluetooth: hci3: command 0x0405 tx timeout [ 110.240233][ T7180] IPv6: addrconf: prefix option has invalid lifetime [ 110.357843][ T5299] Bluetooth: hci3: Controller not accepting commands anymore: ncmd = 0 [ 110.361203][ T5299] Bluetooth: hci3: Injecting HCI hardware error event [ 110.364987][ T5299] Bluetooth: hci3: hardware error 0x00 [ 110.458697][ T7183] netlink: 28 bytes leftover after parsing attributes in process `syz.1.243'. [ 110.589494][ T7187] vlan1: entered promiscuous mode [ 110.600332][ T7187] vlan1: entered allmulticast mode [ 110.726020][ T7190] warning: `syz.2.245' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 111.580553][ T7231] overlay: ./file0 is not a directory [ 111.749612][ T7238] 9pnet_virtio: no channels available for device syz [ 111.864004][ T7244] overlayfs: failed to create directory ./bus/work (errno: 13); mounting read-only [ 111.864584][ T7246] overlayfs: failed to resolve './bus/file0': -2 [ 111.868048][ T7244] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 112.200482][ T7256] overlayfs: upperdir is in-use as upperdir/workdir of another mount, mount with '-o index=off' to override exclusive upperdir protection. [ 112.432627][ T7264] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(8) [ 112.435529][ T7264] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless) [ 112.436832][ T5299] Bluetooth: hci3: Opcode 0x0c03 failed: -110 [ 112.441448][ T5299] Bluetooth: hci2: command 0x0405 tx timeout [ 112.443591][ T7264] vhci_hcd vhci_hcd.0: Device attached [ 112.617344][ T57] vhci_hcd: vhci_device speed not set [ 112.676550][ T57] usb 37-1: new full-speed USB device number 2 using vhci_hcd [ 113.326423][ T7283] fuse: Unknown parameter '000000000000000000040x0000000000000005' [ 113.436457][ T2077] usb 7-1: new high-speed USB device number 11 using dummy_hcd [ 113.812246][ T7265] vhci_hcd: connection reset by peer [ 113.819706][ T97] vhci_hcd: stop threads [ 113.824806][ T97] vhci_hcd: release socket [ 113.831292][ T97] vhci_hcd: disconnect device [ 114.031266][ T2077] usb 7-1: config index 0 descriptor too short (expected 23569, got 27) [ 114.034694][ T2077] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 114.051772][ T2077] usb 7-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0 [ 114.054908][ T2077] usb 7-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0 [ 114.058016][ T2077] usb 7-1: Manufacturer: syz [ 114.066070][ T2077] usb 7-1: config 0 descriptor?? [ 114.282405][ T2077] rc_core: IR keymap rc-hauppauge not found [ 114.284712][ T2077] Registered IR keymap rc-empty [ 114.291791][ T2077] rc rc0: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.2/usb7/7-1/7-1:0.0/rc/rc0 [ 114.297457][ T2077] input: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.2/usb7/7-1/7-1:0.0/rc/rc0/input8 [ 114.310150][ T7304] program syz.0.274 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 114.583189][ T2077] usb 7-1: USB disconnect, device number 11 [ 114.850449][ T7318] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci2/hci2:200/input10 [ 114.866056][ T7320] syz.3.280: vmalloc error: size 1847640064, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 114.875585][ T7320] CPU: 2 UID: 0 PID: 7320 Comm: syz.3.280 Not tainted 6.13.0-rc5-syzkaller-00163-gab75170520d4 #0 [ 114.879992][ T7320] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 114.884376][ T7320] Call Trace: [ 114.885814][ T7320] [ 114.887094][ T7320] dump_stack_lvl+0x16c/0x1f0 [ 114.889135][ T7320] warn_alloc+0x24d/0x3a0 [ 114.890943][ T7320] ? __pfx_warn_alloc+0x10/0x10 [ 114.893064][ T7320] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 114.895478][ T7320] ? __pfx_vb2_vmalloc_alloc+0x10/0x10 [ 114.897756][ T7320] ? kasan_save_stack+0x42/0x60 [ 114.899840][ T7320] ? kasan_save_stack+0x33/0x60 [ 114.901887][ T7320] ? kasan_save_track+0x14/0x30 [ 114.903903][ T7320] ? __kasan_kmalloc+0xaa/0xb0 [ 114.905921][ T7320] ? vb2_vmalloc_alloc+0xe2/0x3d0 [ 114.908013][ T7320] ? vb2_core_create_bufs+0x558/0xab0 [ 114.910233][ T7320] ? vb2_create_bufs+0x566/0x780 [ 114.912314][ T7320] ? vb2_ioctl_create_bufs+0x244/0x3e0 [ 114.914619][ T7320] __vmalloc_node_range_noprof+0x10df/0x1530 [ 114.917174][ T7320] ? vb2_vmalloc_alloc+0x11e/0x3d0 [ 114.919393][ T7320] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 114.922068][ T7320] ? vb2_vmalloc_alloc+0x11e/0x3d0 [ 114.924246][ T7320] ? __pfx_vb2_vmalloc_alloc+0x10/0x10 [ 114.926532][ T7320] vmalloc_user_noprof+0x6b/0x90 [ 114.928614][ T7320] ? vb2_vmalloc_alloc+0x11e/0x3d0 [ 114.930712][ T7320] vb2_vmalloc_alloc+0x11e/0x3d0 [ 114.932803][ T7320] ? __pfx_vb2_vmalloc_alloc+0x10/0x10 [ 114.934904][ T7320] __vb2_queue_alloc+0x896/0x1230 [ 114.937066][ T7320] ? vbi_out_queue_setup+0x1e3/0x2b0 [ 114.939320][ T7320] vb2_core_create_bufs+0x558/0xab0 [ 114.941500][ T7320] ? __pfx_vbi_out_queue_setup+0x10/0x10 [ 114.943816][ T7320] ? __pfx_vb2_core_create_bufs+0x10/0x10 [ 114.946214][ T7320] ? lock_acquire.part.0+0x11b/0x380 [ 114.948443][ T7320] vb2_create_bufs+0x566/0x780 [ 114.950502][ T7320] ? __pfx_vb2_create_bufs+0x10/0x10 [ 114.952715][ T7320] ? __video_do_ioctl+0x4a2/0xf00 [ 114.954835][ T7320] vb2_ioctl_create_bufs+0x244/0x3e0 [ 114.957042][ T7320] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 114.959500][ T7320] vidioc_create_bufs+0x7d/0xf0 [ 114.961441][ T7320] v4l_create_bufs+0x198/0x270 [ 114.963353][ T7320] __video_do_ioctl+0xaf0/0xf00 [ 114.965453][ T7320] ? __pfx___video_do_ioctl+0x10/0x10 [ 114.967726][ T7320] ? __kmalloc_noprof+0x23b/0x4f0 [ 114.969858][ T7320] ? video_usercopy+0x1b4/0x1520 [ 114.971923][ T7320] video_usercopy+0x427/0x1520 [ 114.973921][ T7320] ? __pfx___video_do_ioctl+0x10/0x10 [ 114.976197][ T7320] ? __pfx_video_usercopy+0x10/0x10 [ 114.978460][ T7320] v4l2_ioctl+0x1ba/0x250 [ 114.980313][ T7320] ? __fget_files+0x1e1/0x3a0 [ 114.982216][ T7320] v4l2_compat_ioctl32+0x214/0x2c0 [ 114.984442][ T7320] ? __pfx_v4l2_compat_ioctl32+0x10/0x10 [ 114.986751][ T7320] __do_compat_sys_ioctl+0x1cb/0x2c0 [ 114.988916][ T7320] __do_fast_syscall_32+0x73/0x120 [ 114.991056][ T7320] do_fast_syscall_32+0x32/0x80 [ 114.993110][ T7320] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 114.995711][ T7320] RIP: 0023:0xf7f74579 [ 114.997342][ T7320] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 115.005003][ T7320] RSP: 002b:00000000f50c655c EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 115.008311][ T7320] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000c0f8565c [ 115.011630][ T7320] RDX: 00000000200002c0 RSI: 0000000000000000 RDI: 0000000000000000 [ 115.014877][ T7320] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 115.018148][ T7320] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000 [ 115.021440][ T7320] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 115.024703][ T7320] [ 115.037232][ T7320] Mem-Info: [ 115.039897][ T7320] active_anon:11560 inactive_anon:0 isolated_anon:0 [ 115.039897][ T7320] active_file:5834 inactive_file:45959 isolated_file:0 [ 115.039897][ T7320] unevictable:1768 dirty:190 writeback:0 [ 115.039897][ T7320] slab_reclaimable:5697 slab_unreclaimable:56898 [ 115.039897][ T7320] mapped:27348 shmem:8150 pagetables:734 [ 115.039897][ T7320] sec_pagetables:297 bounce:0 [ 115.039897][ T7320] kernel_misc_reclaimable:0 [ 115.039897][ T7320] free:50843 free_pcp:1592 free_cma:0 [ 115.078646][ T7320] Node 0 active_anon:2900kB inactive_anon:0kB active_file:644kB inactive_file:15228kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:6528kB dirty:4kB writeback:0kB shmem:4012kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:9440kB pagetables:692kB sec_pagetables:1124kB all_unreclaimable? yes [ 115.106516][ T7320] Node 1 active_anon:31764kB inactive_anon:0kB active_file:22692kB inactive_file:168608kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:102864kB dirty:756kB writeback:0kB shmem:17188kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:2528kB pagetables:2244kB sec_pagetables:64kB all_unreclaimable? no [ 115.119950][ T7320] Node 0 DMA free:2972kB boost:2048kB min:2808kB low:2996kB high:3184kB reserved_highatomic:0KB active_anon:52kB inactive_anon:0kB active_file:68kB inactive_file:1544kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:512kB local_pcp:136kB free_cma:0kB [ 115.145909][ T7320] lowmem_reserve[]: 0 273 0 0 0 [ 115.156562][ T7320] Node 0 DMA32 free:32288kB boost:12288kB min:26192kB low:29668kB high:33144kB reserved_highatomic:4096KB active_anon:2924kB inactive_anon:0kB active_file:576kB inactive_file:13684kB unevictable:3536kB writepending:4kB present:1032196kB managed:306308kB mlocked:0kB bounce:0kB free_pcp:644kB local_pcp:124kB free_cma:0kB [ 115.169336][ T7320] lowmem_reserve[]: 0 0 0 0 0 [ 115.171296][ T7320] Node 1 DMA32 free:177052kB boost:0kB min:47144kB low:58928kB high:70712kB reserved_highatomic:0KB active_anon:31744kB inactive_anon:0kB active_file:22692kB inactive_file:168608kB unevictable:3536kB writepending:804kB present:1048432kB managed:948252kB mlocked:0kB bounce:0kB free_pcp:7780kB local_pcp:228kB free_cma:0kB [ 115.183588][ T7320] lowmem_reserve[]: 0 0 0 0 0 [ 115.185522][ T7320] Node 0 DMA: 15*4kB (U) 18*8kB (U) 53*16kB (U) 54*32kB (U) 3*64kB (U) 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 2972kB [ 115.191116][ T7320] Node 0 DMA32: 520*4kB (UMEH) 171*8kB (UMEH) 58*16kB (UMEH) 171*32kB (UMEH) 129*64kB (UMEH) 45*128kB (UME) 18*256kB (UME) 6*512kB (UM) 0*1024kB 0*2048kB 0*4096kB = 31544kB [ 115.197606][ T7320] Node 1 DMA32: 367*4kB (UME) 133*8kB (UME) 214*16kB (UME) 424*32kB (UME) 251*64kB (UME) 68*128kB (UME) 52*256kB (UME) 32*512kB (UME) 18*1024kB (UME) 20*2048kB (UM) 12*4096kB (UM) = 182532kB [ 115.204925][ T7320] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 115.208413][ T7320] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 115.211562][ T7320] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 115.214838][ T7320] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 115.218229][ T7320] 57093 total pagecache pages [ 115.219876][ T7320] 0 pages in swap cache [ 115.221455][ T7320] Free swap = 124436kB [ 115.223060][ T7320] Total swap = 124996kB [ 115.224668][ T7320] 524155 pages RAM [ 115.226065][ T7320] 0 pages HighMem/MovableOnly [ 115.227968][ T7320] 206675 pages reserved [ 115.229409][ T7320] 0 pages cma reserved [ 115.396447][ T5987] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 115.563517][ T5987] usb 5-1: Using ep0 maxpacket: 8 [ 115.568471][ T5987] usb 5-1: config 179 has an invalid interface number: 65 but max is 0 [ 115.572072][ T5987] usb 5-1: config 179 has no interface number 0 [ 115.574845][ T5987] usb 5-1: config 179 interface 65 altsetting 12 endpoint 0xF has an invalid bInterval 64, changing to 10 [ 115.579785][ T5987] usb 5-1: config 179 interface 65 altsetting 12 endpoint 0xF has invalid maxpacket 1029, setting to 1024 [ 115.584478][ T5987] usb 5-1: config 179 interface 65 altsetting 12 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 115.589272][ T5987] usb 5-1: config 179 interface 65 altsetting 12 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 115.594849][ T5987] usb 5-1: config 179 interface 65 has no altsetting 0 [ 115.598691][ T5987] usb 5-1: New USB device found, idVendor=12ab, idProduct=0004, bcdDevice= 0.00 [ 115.602996][ T5987] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 115.609207][ T7324] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 115.631514][ T5987] input: Honey Bee Xbox360 dancepad as /devices/platform/dummy_hcd.0/usb5/5-1/5-1:179.65/input/input11 [ 115.677250][ T5344] input input11: unable to receive magic message: -110 [ 115.691850][ T5344] input input11: unable to receive magic message: -32 [ 115.700139][ T5344] input input11: unable to receive magic message: -32 [ 115.704692][ T5344] input input11: unable to receive magic message: -32 [ 115.762722][ T5957] input input11: unable to receive magic message: -32 [ 115.772208][ T5344] input input11: unable to receive magic message: -32 [ 115.790905][ T5344] input input11: unable to receive magic message: -32 [ 116.219662][ T7364] input input11: unable to receive magic message: -110 [ 116.236980][ T25] usb 5-1: USB disconnect, device number 2 [ 116.236988][ C3] xpad 5-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19 [ 116.243351][ T25] xpad 5-1:179.65: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -19 [ 117.119191][ T7386] syz.0.294 (7386): drop_caches: 2 [ 117.205008][ T5987] libceph: connect (1)[c::]:6789 error -101 [ 117.208508][ T5987] libceph: mon0 (1)[c::]:6789 connect error [ 117.300949][ T7388] ceph: No mds server is up or the cluster is laggy [ 117.816502][ T57] vhci_hcd: vhci_device speed not set [ 117.895045][ T7402] netlink: 4 bytes leftover after parsing attributes in process `syz.0.297'. [ 117.929899][ T7402] netlink: 4 bytes leftover after parsing attributes in process `syz.0.297'. [ 118.166509][ T2077] usb 7-1: new full-speed USB device number 12 using dummy_hcd [ 118.213343][ T7411] 9pnet_fd: Insufficient options for proto=fd [ 118.305823][ T7416] netlink: 24 bytes leftover after parsing attributes in process `syz.0.301'. [ 118.309689][ T7416] netlink: 24 bytes leftover after parsing attributes in process `syz.0.301'. [ 118.318008][ T2077] usb 7-1: config 8 interface 0 has no altsetting 0 [ 118.320882][ T2077] usb 7-1: New USB device found, idVendor=046d, idProduct=08b8, bcdDevice=fb.bc [ 118.324355][ T2077] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 118.595548][ T7430] netlink: 'syz.2.298': attribute type 2 has an invalid length. [ 119.130196][ T7436] netlink: 'syz.0.306': attribute type 10 has an invalid length. [ 119.133402][ T7436] netlink: 40 bytes leftover after parsing attributes in process `syz.0.306'. [ 119.149888][ T7436] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check. [ 119.157535][ T7436] syz.0.306 (7436) used greatest stack depth: 21328 bytes left [ 119.664515][ T7458] program syz.0.308 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 119.942695][ T2077] usb 7-1: string descriptor 0 read error: -71 [ 119.987246][ T2077] pwc: Logitech QuickCam detected (reserved ID). [ 119.990415][ T2077] pwc: Failed to set LED on/off time (-71) [ 119.993080][ T2077] pwc: send_video_command error -71 [ 119.995352][ T2077] pwc: Failed to set video mode VGA@30 fps; return code = -71 [ 119.999516][ T2077] Philips webcam 7-1:8.0: probe with driver Philips webcam failed with error -71 [ 120.004838][ T2077] usb 7-1: USB disconnect, device number 12 [ 121.105219][ T39] audit: type=1326 audit(1736110115.867:49): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7512 comm="syz.3.326" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf7f74579 code=0x0 [ 121.876483][ T5960] Bluetooth: hci1: command tx timeout [ 122.275195][ T7541] netlink: 32 bytes leftover after parsing attributes in process `syz.0.330'. [ 122.287076][ T7543] loop9: detected capacity change from 0 to 6 [ 122.291151][ T7543] Dev loop9: unable to read RDB block 6 [ 122.293172][ T7543] loop9: unable to read partition table [ 122.295549][ T7543] loop9: partition table beyond EOD, truncated [ 122.308169][ T7543] loop_reread_partitions: partition scan of loop9 (被xڬdƤݡ [ 122.308169][ T7543] ) failed (rc=-5) [ 122.386191][ T7550] macvlan2: entered allmulticast mode [ 122.531913][ T7558] syz.1.334 (7558): /proc/7556/oom_adj is deprecated, please use /proc/7556/oom_score_adj instead. [ 122.666640][ T7561] netlink: 96 bytes leftover after parsing attributes in process `syz.0.333'. [ 123.438419][ T7569] netlink: 'syz.3.336': attribute type 10 has an invalid length. [ 123.448573][ T7569] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 123.525637][ T7574] netlink: 8 bytes leftover after parsing attributes in process `syz.1.338'. [ 123.539434][ T7574] netlink: 8 bytes leftover after parsing attributes in process `syz.1.338'. [ 123.546625][ T7574] netlink: 8 bytes leftover after parsing attributes in process `syz.1.338'. [ 123.550321][ T7574] netlink: 8 bytes leftover after parsing attributes in process `syz.1.338'. [ 123.553958][ T7574] netlink: 8 bytes leftover after parsing attributes in process `syz.1.338'. [ 123.557826][ T7574] netlink: 8 bytes leftover after parsing attributes in process `syz.1.338'. [ 123.561375][ T7574] netlink: 8 bytes leftover after parsing attributes in process `syz.1.338'. [ 123.564886][ T7574] netlink: 8 bytes leftover after parsing attributes in process `syz.1.338'. [ 123.569091][ T7574] netlink: 8 bytes leftover after parsing attributes in process `syz.1.338'. [ 123.572670][ T7574] netlink: 8 bytes leftover after parsing attributes in process `syz.1.338'. [ 124.416905][ T7589] mapping of prio or/and queue is allowed only from OUTPUT/FORWARD/POSTROUTING chains [ 124.907361][ T7576] Set syz1 is full, maxelem 65536 reached [ 125.193251][ T5960] Bluetooth: hci0: unexpected cc 0x0404 length: 2 > 1 [ 126.157399][ T7626] trusted_key: encrypted_key: keyword 'update' not allowed when called from .instantiate method [ 126.930102][ T7625] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 127.581423][ T7670] tipc: Trying to set illegal importance in message [ 127.683264][ T7677] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 128.283340][ T7684] xt_cgroup: path and classid specified [ 128.764690][ T7700] ALSA: mixer_oss: invalid OSS volume '}8z00000' [ 128.838325][ T7717] GUP no longer grows the stack in syz.2.379 (7717): 20004000-2000a000 (20002000) [ 128.842907][ T7717] CPU: 3 UID: 0 PID: 7717 Comm: syz.2.379 Not tainted 6.13.0-rc5-syzkaller-00163-gab75170520d4 #0 [ 128.847037][ T7717] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 128.851226][ T7717] Call Trace: [ 128.852522][ T7717] [ 128.853771][ T7717] dump_stack_lvl+0x16c/0x1f0 [ 128.855734][ T7717] gup_vma_lookup+0x1d2/0x220 [ 128.857706][ T7717] __get_user_pages+0x236/0x3b50 [ 128.859764][ T7717] ? find_held_lock+0x2d/0x110 [ 128.861798][ T7717] ? mtree_load+0x30a/0xa40 [ 128.863706][ T7717] ? __pfx_lock_release+0x10/0x10 [ 128.865853][ T7717] ? __pfx___get_user_pages+0x10/0x10 [ 128.868129][ T7717] get_user_pages_remote+0x25e/0xb30 [ 128.870336][ T7717] ? __pfx_get_user_pages_remote+0x10/0x10 [ 128.872636][ T7717] __access_remote_vm+0x3a5/0x7b0 [ 128.874628][ T7717] ? __pfx___access_remote_vm+0x10/0x10 [ 128.876917][ T7717] ? lock_acquire+0x2f/0xb0 [ 128.878805][ T7717] ? proc_pid_cmdline_read+0x25b/0x8d0 [ 128.881132][ T7717] proc_pid_cmdline_read+0x4f4/0x8d0 [ 128.883363][ T7717] ? __pfx_proc_pid_cmdline_read+0x10/0x10 [ 128.885823][ T7717] ? __pfx_proc_pid_cmdline_read+0x10/0x10 [ 128.888332][ T7717] vfs_readv+0x6bf/0x890 [ 128.890155][ T7717] ? __pfx___lock_acquire+0x10/0x10 [ 128.892342][ T7717] ? __pfx_vfs_readv+0x10/0x10 [ 128.894335][ T7717] ? __fget_files+0x1fc/0x3a0 [ 128.896386][ T7717] ? __pfx_lock_release+0x10/0x10 [ 128.898501][ T7717] ? __fget_files+0x206/0x3a0 [ 128.900512][ T7717] ? do_preadv+0x1b1/0x270 [ 128.902391][ T7717] do_preadv+0x1b1/0x270 [ 128.904165][ T7717] ? __pfx_do_preadv+0x10/0x10 [ 128.906140][ T7717] __do_fast_syscall_32+0x73/0x120 [ 128.908310][ T7717] do_fast_syscall_32+0x32/0x80 [ 128.910358][ T7717] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 128.913029][ T7717] RIP: 0023:0xf712e579 [ 128.914783][ T7717] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 128.922643][ T7717] RSP: 002b:00000000f512055c EFLAGS: 00000296 ORIG_RAX: 000000000000014d [ 128.926037][ T7717] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000020000040 [ 128.929360][ T7717] RDX: 0000000000000001 RSI: 0000000000000300 RDI: 0000000000000000 [ 128.932604][ T7717] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 128.935854][ T7717] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 128.939129][ T7717] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 128.942354][ T7717] [ 129.103248][ T7731] ptm ptm2: ldisc open failed (-12), clearing slot 2 [ 129.381042][ T39] audit: type=1326 audit(1736110124.137:50): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7749 comm="syz.2.388" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf712e579 code=0x0 [ 129.459200][ T7752] kvm: requested 4190 ns i8254 timer period limited to 200000 ns [ 129.655124][ T7756] x_tables: ip6_tables: TPROXY target: used from hooks FORWARD, but only usable from PREROUTING [ 129.659640][ T7761] __nla_validate_parse: 42 callbacks suppressed [ 129.659655][ T7761] netlink: 8 bytes leftover after parsing attributes in process `syz.1.390'. [ 129.665808][ T7761] netem: invalid attributes len -9 [ 129.678641][ T7761] netem: change failed [ 130.016099][ T7777] syzkaller0: entered promiscuous mode [ 130.020103][ T7777] syzkaller0: entered allmulticast mode [ 130.552971][ T7793] program syz.1.398 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 130.876059][ T7792] program syz.2.399 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 131.722147][ T7811] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(3) [ 131.724818][ T7811] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless) [ 131.730741][ T7811] vhci_hcd vhci_hcd.0: Device attached [ 131.734962][ T7812] vhci_hcd: connection closed [ 131.737846][ T97] vhci_hcd: stop threads [ 131.741559][ T97] vhci_hcd: release socket [ 131.743553][ T97] vhci_hcd: disconnect device [ 131.865781][ T7781] workqueue: Failed to create a rescuer kthread for wq "wg-crypt-wireguard%d": -EINTR [ 132.246451][ T57] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 132.416444][ T57] usb 5-1: Using ep0 maxpacket: 32 [ 132.426554][ T57] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 132.431106][ T57] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 132.435151][ T57] usb 5-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00 [ 132.456400][ T57] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 132.461225][ T57] usb 5-1: config 0 descriptor?? [ 132.557169][ T7837] program syz.2.408 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 133.056672][ T57] savu 0003:1E7D:2D5A.0005: hiddev0,hidraw1: USB HID v0.00 Device [HID 1e7d:2d5a] on usb-dummy_hcd.0-1/input0 [ 133.319089][ T7832] program syz.1.409 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 133.335138][ T5990] usb 5-1: USB disconnect, device number 3 [ 134.455552][ T7867] wg2: entered promiscuous mode [ 134.457554][ T7867] wg2: entered allmulticast mode [ 134.766290][ T7873] lo: entered allmulticast mode [ 134.779627][ T7873] pimreg: entered allmulticast mode [ 134.783160][ T7873] pimreg: left allmulticast mode [ 134.784903][ T7873] lo: left allmulticast mode [ 134.989744][ T7878] netlink: 4 bytes leftover after parsing attributes in process `syz.0.419'. [ 135.077987][ T7887] bridge0: trying to set multicast startup query interval below minimum, setting to 100 (1000ms) [ 135.260080][ T7897] program syz.3.421 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 136.393659][ T7929] autofs4:pid:7929:check_dev_ioctl_version: ioctl control interface version mismatch: kernel(1.1), user(4294967071.1), cmd(0xc018937e) [ 136.399152][ T7929] autofs4:pid:7929:validate_dev_ioctl: invalid device control module version supplied for cmd(0xc018937e) [ 136.480641][ T7930] lo speed is unknown, defaulting to 1000 [ 136.549249][ T7931] xt_SECMARK: only valid in 'mangle' or 'security' table, not 'raw' [ 137.158881][ T7941] binder: 7937:7941 ioctl 400c620e 20000140 returned -22 [ 137.455289][ T7945] program syz.1.434 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 138.187856][ T7952] lo speed is unknown, defaulting to 1000 [ 138.656587][ T1446] usb 6-1: new high-speed USB device number 5 using dummy_hcd [ 138.821964][ T1446] usb 6-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 138.825424][ T1446] usb 6-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 138.828659][ T1446] usb 6-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 138.831440][ T1446] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 138.837135][ T7956] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 138.845362][ T1446] usb 6-1: Quirk or no altset; falling back to MIDI 1.0 [ 139.047452][ T7956] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 139.053864][ T7956] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 139.057359][ T7956] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 139.060675][ T7956] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 139.063703][ T7956] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 139.066700][ T7956] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 139.071065][ T7956] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 139.080081][ T7956] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 139.091552][ T1446] usb 6-1: USB disconnect, device number 5 [ 140.469399][ T8029] infiniband sz1: set active [ 140.540318][ T8029] A link change request failed with some changes committed already. Interface bond_slave_0 may have been left with an inconsistent configuration, please check. [ 140.544979][ T30] lo speed is unknown, defaulting to 1000 [ 140.688793][ T8038] bridge0: port 4(netdevsim0) entered blocking state [ 140.690976][ T8038] bridge0: port 4(netdevsim0) entered disabled state [ 140.694755][ T8038] netdevsim netdevsim2 netdevsim0: entered allmulticast mode [ 140.700679][ T8038] netdevsim netdevsim2 netdevsim0: entered promiscuous mode [ 140.704288][ T8038] bridge0: port 4(netdevsim0) entered blocking state [ 140.707181][ T8038] bridge0: port 4(netdevsim0) entered forwarding state [ 140.758670][ T8038] netlink: 248 bytes leftover after parsing attributes in process `syz.2.445'. [ 140.924417][ T39] audit: type=1804 audit(1736110135.687:51): pid=8043 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.446" name="/newroot/113/file0/file0" dev="9p" ino=39714862 res=1 errno=0 [ 141.104350][ T8043] syz.0.446 (8043) used greatest stack depth: 21168 bytes left [ 141.287447][ T6007] usb 7-1: new high-speed USB device number 13 using dummy_hcd [ 141.437996][ T6007] usb 7-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 141.442425][ T6007] usb 7-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 141.446179][ T6007] usb 7-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 141.449830][ T6007] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 141.459630][ T8045] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 141.467370][ T6007] usb 7-1: Quirk or no altset; falling back to MIDI 1.0 [ 141.672220][ T30] usb 7-1: USB disconnect, device number 13 [ 142.165314][ T8056] tipc: Enabled bearer , priority 0 [ 142.229433][ T8060] syz.0.452: attempt to access beyond end of device [ 142.229433][ T8060] loop0: rw=0, sector=1, nr_sectors = 1 limit=0 [ 142.236175][ T8060] VFS: unable to read V7 FS superblock on device loop0. [ 142.239497][ T8060] VFS: could not find a valid V7 on loop0. [ 142.681576][ T8071] program syz.0.454 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 143.428892][ T8089] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(7) [ 143.431043][ T8089] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 143.434132][ T8089] vhci_hcd vhci_hcd.0: Device attached [ 143.547535][ T8090] vhci_hcd: connection closed [ 143.553694][ T1236] vhci_hcd: stop threads [ 143.557176][ T1236] vhci_hcd: release socket [ 143.558656][ T1236] vhci_hcd: disconnect device [ 143.606541][ T30] vhci_hcd: vhci_device speed not set [ 144.777905][ T8132] syzkaller0: tun_chr_ioctl cmd 1074025676 [ 144.780364][ T8132] syzkaller0: owner set to 823 [ 145.086928][ T8141] syz.0.474: attempt to access beyond end of device [ 145.086928][ T8141] nbd0: rw=0, sector=2, nr_sectors = 2 limit=0 [ 145.093476][ T8141] syz.0.474: attempt to access beyond end of device [ 145.093476][ T8141] nbd0: rw=0, sector=16, nr_sectors = 2 limit=0 [ 145.197892][ T8141] net veth1_virt_wifi : renamed from virt_wifi0 [ 146.464546][ T8187] kAFS: No cell specified [ 146.964676][ T8189] netlink: 4 bytes leftover after parsing attributes in process `syz.1.486'. [ 147.302198][ T8193] fuse: Bad value for 'fd' [ 147.895944][ T8208] lo speed is unknown, defaulting to 1000 [ 148.006821][ T8212] loop9: detected capacity change from 0 to 6 [ 148.011540][ T8212] Dev loop9: unable to read RDB block 6 [ 148.013604][ T8212] loop9: unable to read partition table [ 148.016125][ T8212] loop9: partition table beyond EOD, truncated [ 148.030085][ T8212] loop_reread_partitions: partition scan of loop9 (被xڬdƤݡ [ 148.030085][ T8212] ) failed (rc=-5) [ 148.446194][ T8228] input: syz0 as /devices/virtual/input/input12 [ 149.217659][ T8248] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 149.699733][ T8259] netlink: 96 bytes leftover after parsing attributes in process `syz.3.506'. [ 149.725136][ T8260] netlink: 'syz.0.507': attribute type 4 has an invalid length. [ 149.880103][ T8263] netlink: 'syz.1.509': attribute type 1 has an invalid length. [ 150.035883][ T8263] tls_set_device_offload_rx: netdev not found [ 150.565590][ T8285] serio: Serial port ptm0 [ 150.981208][ T8314] sz1: rxe_newlink: already configured on lo [ 150.985955][ T8314] netlink: 20 bytes leftover after parsing attributes in process `syz.1.515'. [ 150.994462][ T8314] : renamed from lo (while UP) [ 151.207700][ T8316] input: syz1 as /devices/virtual/input/input14 [ 151.292305][ T8319] netlink: 4 bytes leftover after parsing attributes in process `syz.3.520'. [ 151.347241][ T8318] qnx6: unable to read the first superblock [ 151.352497][ T8318] netlink: 40 bytes leftover after parsing attributes in process `syz.2.519'. [ 152.838694][ T8345] netlink: 'syz.0.527': attribute type 13 has an invalid length. [ 152.841868][ T8345] netlink: 152 bytes leftover after parsing attributes in process `syz.0.527'. [ 152.845785][ T8345] syz_tun: refused to change device tx_queue_len [ 152.848466][ T8345] A link change request failed with some changes committed already. Interface syz_tun may have been left with an inconsistent configuration, please check. [ 152.933513][ T8359] netlink: 20 bytes leftover after parsing attributes in process `syz.1.531'. [ 152.937251][ T8359] geneve0: entered allmulticast mode [ 153.135459][ T8362] program syz.2.530 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 154.194111][ T5960] block nbd2: Receive control failed (result -107) [ 154.240684][ T8377] can0: slcan on ttyS3. [ 154.256583][ T8376] input: syz0 as /devices/virtual/input/input16 [ 154.258883][ T8376] input: failed to attach handler leds to device input16, error: -6 [ 154.347088][ T8375] nbd2: detected capacity change from 0 to 20 [ 154.368621][ T5948] block nbd2: Dead connection, failed to find a fallback [ 154.371294][ T5948] block nbd2: shutting down sockets [ 154.373287][ T5948] I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 154.381067][ T5948] Buffer I/O error on dev nbd2, logical block 0, async page read [ 154.383517][ T5948] I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 154.386782][ T5948] Buffer I/O error on dev nbd2, logical block 0, async page read [ 154.390760][ T5948] I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 154.393670][ T5948] Buffer I/O error on dev nbd2, logical block 0, async page read [ 154.400225][ T5948] I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 154.403016][ T5948] Buffer I/O error on dev nbd2, logical block 0, async page read [ 154.405553][ T5948] I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 154.408858][ T5948] Buffer I/O error on dev nbd2, logical block 0, async page read [ 154.411519][ T5948] I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 154.414398][ T5948] Buffer I/O error on dev nbd2, logical block 0, async page read [ 154.419089][ T5948] I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 154.421924][ T5948] Buffer I/O error on dev nbd2, logical block 0, async page read [ 154.425147][ T5948] I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 154.428443][ T5948] Buffer I/O error on dev nbd2, logical block 0, async page read [ 154.431127][ T5948] ldm_validate_partition_table(): Disk read failed. [ 154.433322][ T5948] I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 154.436245][ T5948] Buffer I/O error on dev nbd2, logical block 0, async page read [ 154.443251][ T5948] I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 154.447149][ T5948] Buffer I/O error on dev nbd2, logical block 0, async page read [ 154.449908][ T5948] Dev nbd2: unable to read RDB block 0 [ 154.451802][ T5948] nbd2: unable to read partition table [ 154.453689][ T5948] nbd2: partition table beyond EOD, truncated [ 154.499036][ T5948] ldm_validate_partition_table(): Disk read failed. [ 154.502032][ T5948] Dev nbd2: unable to read RDB block 0 [ 154.509106][ T5948] nbd2: unable to read partition table [ 154.511309][ T5948] nbd2: partition table beyond EOD, truncated [ 154.589121][ T8390] netlink: 16 bytes leftover after parsing attributes in process `syz.2.536'. [ 154.857105][ T8369] can0 (unregistered): slcan off ttyS3. [ 154.955990][ T8376] ceph: No mds server is up or the cluster is laggy [ 155.384563][ T8425] speed is unknown, defaulting to 1000 [ 155.480380][ T8428] iwpm_register_pid: Unable to send a nlmsg (client = 2) [ 155.492317][ T8428] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -98 [ 155.530314][ T8441] program syz.1.543 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 156.284841][ T8474] trusted_key: encrypted_key: insufficient parameters specified [ 156.290569][ T8473] trusted_key: encrypted_key: insufficient parameters specified [ 156.298559][ T5960] Bluetooth: hci0: Controller not accepting commands anymore: ncmd = 0 [ 156.302016][ T5960] Bluetooth: hci0: Injecting HCI hardware error event [ 156.305951][ T5960] Bluetooth: hci0: hardware error 0x00 [ 156.789196][ T8484] dlm: plock device version mismatch: kernel (1.2.0), user (0.0.0) [ 156.817967][ T8479] fuse: Unknown parameter '\d' [ 157.190570][ T39] audit: type=1326 audit(1736110151.957:52): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8495 comm="syz.2.557" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf712e579 code=0x0 [ 157.526496][ T9] usb 7-1: new high-speed USB device number 14 using dummy_hcd [ 157.656495][ T9] usb 7-1: device descriptor read/64, error -71 [ 158.417863][ T9] usb 7-1: new high-speed USB device number 15 using dummy_hcd [ 158.418988][ T8513] program syz.0.561 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 158.436662][ T5960] Bluetooth: hci0: Opcode 0x0c03 failed: -110 [ 158.539517][ T5987] hid (null): unknown global tag 0xe [ 158.542348][ T5987] hid (null): unknown global tag 0xe [ 158.545528][ T5987] hid (null): unknown global tag 0xc [ 158.547689][ T5987] hid (null): unknown global tag 0xd [ 158.551763][ T8530] 9pnet: p9_errstr2errno: server reported unknown error k [ 158.555477][ T5987] hid-generic 0000:0004:00A9.0006: unknown main item tag 0x0 [ 158.557355][ T9] usb 7-1: device descriptor read/64, error -71 [ 158.559621][ T5987] hid-generic 0000:0004:00A9.0006: unknown global tag 0xe [ 158.564977][ T5987] hid-generic 0000:0004:00A9.0006: item 0 2 1 14 parsing failed [ 158.570198][ T5987] hid-generic 0000:0004:00A9.0006: probe with driver hid-generic failed with error -22 [ 158.670460][ T9] usb usb7-port1: attempt power cycle [ 159.107452][ T9] usb 7-1: new high-speed USB device number 16 using dummy_hcd [ 159.237691][ T8565] random: crng reseeded on system resumption [ 159.346871][ T9] usb 7-1: device descriptor read/8, error -71 [ 159.475485][ T8574] speed is unknown, defaulting to 1000 [ 159.623807][ T8584] wireguard0: entered promiscuous mode [ 159.625543][ T8584] wireguard0: entered allmulticast mode [ 159.636838][ T9] usb 7-1: new high-speed USB device number 17 using dummy_hcd [ 159.687231][ T9] usb 7-1: device descriptor read/8, error -71 [ 159.894180][ T9] usb usb7-port1: unable to enumerate USB device [ 160.506713][ T8606] tmpfs: Bad value for 'mpol' [ 160.944454][ T8624] binder: 8621:8624 ioctl c0306201 20000680 returned -14 [ 161.078247][ T8625] syz.1.585: attempt to access beyond end of device [ 161.078247][ T8625] nbd1: rw=4096, sector=0, nr_sectors = 1 limit=0 [ 161.084670][ T8625] XFS (nbd1): SB validate failed with error -5. [ 161.585792][ T8642] netlink: 'syz.0.592': attribute type 1 has an invalid length. [ 161.611923][ T8642] 8021q: adding VLAN 0 to HW filter on device bond1 [ 161.620058][ T8640] syz.2.591 (8640) used greatest stack depth: 20928 bytes left [ 161.623692][ T8642] bond1: (slave gretap1): making interface the new active one [ 161.626729][ T8642] bond1: (slave gretap1): Enslaving as an active interface with an up link [ 161.643053][ T8642] block device autoloading is deprecated and will be removed. [ 161.981573][ T8681] binder: 8680:8681 ioctl c0306201 0 returned -14 [ 162.020886][ T8684] syzkaller0: entered allmulticast mode [ 162.025211][ T8684] bochs-drm 0000:00:01.0: vgaarb: VGA decodes changed: olddecodes=io+mem,decodes=none:owns=io+mem [ 162.052627][ T8675] netlink: zone id is out of range [ 162.075662][ T8683] syzkaller0: left allmulticast mode [ 163.217204][ T5990] usb 6-1: new high-speed USB device number 6 using dummy_hcd [ 163.352972][ T8722] IPv6: addrconf: prefix option has invalid lifetime [ 163.368502][ T5990] usb 6-1: Using ep0 maxpacket: 16 [ 163.372840][ T5990] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x83 has invalid wMaxPacketSize 0 [ 163.380010][ T5990] usb 6-1: New USB device found, idVendor=134c, idProduct=0002, bcdDevice=ec.7e [ 163.383828][ T5990] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 163.387272][ T5990] usb 6-1: Product: syz [ 163.388988][ T5990] usb 6-1: Manufacturer: syz [ 163.391019][ T5990] usb 6-1: SerialNumber: syz [ 163.402050][ T5990] usb 6-1: config 0 descriptor?? [ 163.408651][ T5990] hub 6-1:0.0: bad descriptor, ignoring hub [ 163.412010][ T5990] hub 6-1:0.0: probe with driver hub failed with error -5 [ 163.419462][ T5990] input: syz syz as /devices/platform/dummy_hcd.1/usb6/6-1/6-1:0.0/input/input17 [ 164.155425][ T25] hid-generic 0005:7FFF:0008.0007: hidraw1: BLUETOOTH HID v0.02 Device [syz1] on aa:aa:aa:aa:aa:aa [ 164.173347][ T8720] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 164.219061][ T8737] netlink: 8 bytes leftover after parsing attributes in process `syz.2.612'. [ 164.254335][ T39] audit: type=1326 audit(1736110159.017:53): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8732 comm="syz.1.610" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f57579 code=0x7ffc0000 [ 164.261280][ T39] audit: type=1326 audit(1736110159.017:54): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8732 comm="syz.1.610" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f57579 code=0x7ffc0000 [ 164.279517][ T39] audit: type=1326 audit(1736110159.027:55): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8732 comm="syz.1.610" exe="/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf7f57579 code=0x7ffc0000 [ 164.287423][ T39] audit: type=1326 audit(1736110159.027:56): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8732 comm="syz.1.610" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f57579 code=0x7ffc0000 [ 164.347719][ T39] audit: type=1326 audit(1736110159.027:57): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8732 comm="syz.1.610" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f57579 code=0x7ffc0000 [ 164.354924][ T39] audit: type=1326 audit(1736110159.037:58): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8732 comm="syz.1.610" exe="/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf7f57579 code=0x7ffc0000 [ 164.365012][ T39] audit: type=1326 audit(1736110159.037:59): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8732 comm="syz.1.610" exe="/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf7f57579 code=0x7ffc0000 [ 164.376536][ T39] audit: type=1326 audit(1736110159.037:60): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8732 comm="syz.1.610" exe="/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf7f57579 code=0x7ffc0000 [ 164.382779][ T39] audit: type=1326 audit(1736110159.037:61): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8732 comm="syz.1.610" exe="/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf7f57579 code=0x7ffc0000 [ 164.390009][ T39] audit: type=1326 audit(1736110159.037:62): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8732 comm="syz.1.610" exe="/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf7f57579 code=0x7ffc0000 [ 164.394871][ T8737] bond1: entered promiscuous mode [ 164.398518][ T8737] bond1: entered allmulticast mode [ 164.400243][ T8737] 8021q: adding VLAN 0 to HW filter on device bond1 [ 164.465632][ T8737] netlink: 36 bytes leftover after parsing attributes in process `syz.2.612'. [ 164.471000][ T8737] netlink: 16 bytes leftover after parsing attributes in process `syz.2.612'. [ 164.474548][ T8737] netlink: 36 bytes leftover after parsing attributes in process `syz.2.612'. [ 164.474671][ T8745] overlay: filesystem on ./bus not supported as upperdir [ 164.478923][ T8737] netlink: 36 bytes leftover after parsing attributes in process `syz.2.612'. [ 164.608731][ T5344] usb 6-1: reset high-speed USB device number 6 using dummy_hcd [ 164.737358][ T5344] usb 6-1: device descriptor read/64, error -71 [ 164.976699][ T5344] usb 6-1: reset high-speed USB device number 6 using dummy_hcd [ 165.106449][ T5344] usb 6-1: device descriptor read/64, error -71 [ 165.356493][ T5344] usb 6-1: reset high-speed USB device number 6 using dummy_hcd [ 165.387090][ T5344] usb 6-1: device descriptor read/8, error -71 [ 165.606581][ T8764] program syz.3.617 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 165.631147][ T8764] No control pipe specified [ 165.636827][ T5344] usb 6-1: reset high-speed USB device number 6 using dummy_hcd [ 165.657947][ T5344] usb 6-1: device descriptor read/8, error -71 [ 165.922526][ T5990] usb 6-1: USB disconnect, device number 6 [ 166.076458][ T5990] usb 6-1: new high-speed USB device number 7 using dummy_hcd [ 166.196229][ T8791] netlink: 68 bytes leftover after parsing attributes in process `syz.3.624'. [ 166.246409][ T5990] usb 6-1: device descriptor read/64, error -71 [ 166.458312][ T8793] netlink: 96 bytes leftover after parsing attributes in process `syz.0.625'. [ 166.464103][ T8793] JFS: discard option not supported on device [ 166.474844][ T8793] syz.0.625: attempt to access beyond end of device [ 166.474844][ T8793] loop0: rw=0, sector=64, nr_sectors = 8 limit=0 [ 166.480893][ T8793] syz.0.625: attempt to access beyond end of device [ 166.480893][ T8793] loop0: rw=0, sector=120, nr_sectors = 8 limit=0 [ 166.486242][ T8793] Mount JFS Failure: -5 [ 166.486543][ T5990] usb 6-1: new high-speed USB device number 8 using dummy_hcd [ 166.488171][ T8793] jfs_mount failed w/return code = -5 [ 166.612643][ T8793] e1000e 0000:00:02.0 eth1: NIC Link is Down [ 166.617266][ T5990] usb 6-1: device descriptor read/64, error -71 [ 166.726692][ T5990] usb usb6-port1: attempt power cycle [ 167.343185][ T8861] program syz.3.632 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 167.693931][ T8849] No control pipe specified [ 168.190635][ T8887] netfs: Couldn't get user pages (rc=-14) [ 169.028309][ T8908] x_tables: ip_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING [ 169.707341][ T8915] nbd3: detected capacity change from 0 to 12 [ 169.710943][ T8927] block nbd3: NBD_DISCONNECT [ 169.712191][ T5948] block nbd3: Send control failed (result -89) [ 169.716167][ T5948] block nbd3: Request send failed, requeueing [ 169.719868][ T5948] block nbd3: Disconnected due to user request. [ 169.724325][ T8927] block nbd3: Send disconnect failed -89 [ 169.726931][ T8903] blk_print_req_error: 25 callbacks suppressed [ 169.726941][ T8903] I/O error, dev nbd3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 169.732544][ T8903] buffer_io_error: 25 callbacks suppressed [ 169.732552][ T8903] Buffer I/O error on dev nbd3, logical block 0, async page read [ 169.739931][ T5948] I/O error, dev nbd3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 169.743769][ T5948] Buffer I/O error on dev nbd3, logical block 0, async page read [ 169.747760][ T5948] I/O error, dev nbd3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 169.751546][ T5948] Buffer I/O error on dev nbd3, logical block 0, async page read [ 169.754881][ T5948] I/O error, dev nbd3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 169.759342][ T5948] Buffer I/O error on dev nbd3, logical block 0, async page read [ 169.763325][ T5948] I/O error, dev nbd3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 169.767720][ T5948] Buffer I/O error on dev nbd3, logical block 0, async page read [ 169.771792][ T5948] I/O error, dev nbd3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 169.774802][ T5948] Buffer I/O error on dev nbd3, logical block 0, async page read [ 169.778342][ T5948] I/O error, dev nbd3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 169.781112][ T5948] Buffer I/O error on dev nbd3, logical block 0, async page read [ 169.784606][ T5948] I/O error, dev nbd3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 169.788686][ T5948] Buffer I/O error on dev nbd3, logical block 0, async page read [ 169.791950][ T5948] ldm_validate_partition_table(): Disk read failed. [ 169.795295][ T5948] I/O error, dev nbd3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 169.799340][ T5948] Buffer I/O error on dev nbd3, logical block 0, async page read [ 169.801946][ T5948] I/O error, dev nbd3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 169.806512][ T5948] Buffer I/O error on dev nbd3, logical block 0, async page read [ 169.809947][ T5948] Dev nbd3: unable to read RDB block 0 [ 169.812265][ T5948] nbd3: unable to read partition table [ 169.813989][ T5948] nbd3: partition table beyond EOD, truncated [ 169.835575][ T5948] ldm_validate_partition_table(): Disk read failed. [ 169.839178][ T5948] Dev nbd3: unable to read RDB block 0 [ 169.840244][ T8931] wireguard0: entered promiscuous mode [ 169.840919][ T5948] nbd3: unable to read partition table [ 169.843007][ T8931] wireguard0: entered allmulticast mode [ 169.844941][ T5948] nbd3: partition table beyond EOD, truncated [ 170.111468][ T8946] netlink: 4 bytes leftover after parsing attributes in process `syz.2.654'. [ 170.860140][ T8961] netlink: 204 bytes leftover after parsing attributes in process `syz.2.657'. [ 170.920735][ T8968] netlink: 'syz.1.658': attribute type 1 has an invalid length. [ 170.924039][ T8968] netlink: 224 bytes leftover after parsing attributes in process `syz.1.658'. [ 171.676454][ T57] usb 5-1: new high-speed USB device number 4 using dummy_hcd [ 171.828274][ T57] usb 5-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 171.831667][ T57] usb 5-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 171.835652][ T57] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 172.129602][ T57] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 55, changing to 9 [ 172.137763][ T57] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8496, setting to 1024 [ 172.144520][ T57] usb 5-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 172.147521][ T57] usb 5-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 172.149882][ T57] usb 5-1: Product: syz [ 172.151076][ T57] usb 5-1: Manufacturer: syz [ 172.160563][ T57] cdc_wdm 5-1:1.0: skipping garbage [ 172.162216][ T57] cdc_wdm 5-1:1.0: skipping garbage [ 172.165538][ T57] cdc_wdm 5-1:1.0: cdc-wdm0: USB WDM device [ 172.167371][ T57] cdc_wdm 5-1:1.0: Unknown control protocol [ 172.291720][ T8986] (syz.1.664,8986,3):ocfs2_fill_super:990 ERROR: superblock probe failed! [ 172.295390][ T8986] (syz.1.664,8986,3):ocfs2_fill_super:1178 ERROR: status = -22 [ 172.471651][ C2] wdm_int_callback: 182 callbacks suppressed [ 172.471671][ C2] cdc_wdm 5-1:1.0: nonzero urb status received: -71 [ 172.476657][ C2] wdm_int_callback: 182 callbacks suppressed [ 172.476673][ C2] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes [ 172.481375][ C2] cdc_wdm 5-1:1.0: nonzero urb status received: -71 [ 172.483653][ C2] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes [ 172.486220][ C2] cdc_wdm 5-1:1.0: nonzero urb status received: -71 [ 172.488819][ C2] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes [ 172.490933][ C2] cdc_wdm 5-1:1.0: nonzero urb status received: -71 [ 172.492998][ C2] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes [ 172.494717][ C2] cdc_wdm 5-1:1.0: wdm_int_callback - usb_submit_urb failed with result -1 [ 172.497889][ T5983] usb 5-1: USB disconnect, device number 4 [ 172.609572][ T57] usb 6-1: new full-speed USB device number 10 using dummy_hcd [ 172.768252][ T57] usb 6-1: config 0 interface 0 altsetting 4 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 172.772753][ T57] usb 6-1: config 0 interface 0 altsetting 4 endpoint 0x81 has invalid wMaxPacketSize 0 [ 172.776662][ T57] usb 6-1: config 0 interface 0 has no altsetting 0 [ 172.779397][ T57] usb 6-1: New USB device found, idVendor=06a3, idProduct=0621, bcdDevice= 0.00 [ 172.783039][ T57] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 172.788190][ T57] usb 6-1: config 0 descriptor?? [ 172.951009][ T5983] usb 5-1: new high-speed USB device number 5 using dummy_hcd [ 173.108785][ T5983] usb 5-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 173.112554][ T5983] usb 5-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 173.117156][ T5983] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 173.120808][ T5983] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 55, changing to 9 [ 173.124872][ T5983] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8496, setting to 1024 [ 173.131096][ T5983] usb 5-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 173.133740][ T5983] usb 5-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 173.136103][ T5983] usb 5-1: Product: syz [ 173.137876][ T5983] usb 5-1: Manufacturer: syz [ 173.145305][ T5983] cdc_wdm 5-1:1.0: skipping garbage [ 173.147305][ T5983] cdc_wdm 5-1:1.0: skipping garbage [ 173.150751][ T5983] cdc_wdm 5-1:1.0: cdc-wdm0: USB WDM device [ 173.152486][ T5983] cdc_wdm 5-1:1.0: Unknown control protocol [ 173.319595][ T8988] /dev/sr0: Can't open blockdev [ 173.326204][ T57] usbhid 6-1:0.0: can't add hid device: -71 [ 173.328168][ T57] usbhid 6-1:0.0: probe with driver usbhid failed with error -71 [ 173.331117][ T57] usb 6-1: USB disconnect, device number 10 [ 173.359221][ T5990] usb 5-1: USB disconnect, device number 5 [ 173.466509][ T1446] usb 7-1: new high-speed USB device number 18 using dummy_hcd [ 173.616654][ T1446] usb 7-1: Using ep0 maxpacket: 16 [ 173.624022][ T1446] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x83 has invalid wMaxPacketSize 0 [ 173.636218][ T1446] usb 7-1: New USB device found, idVendor=134c, idProduct=0002, bcdDevice=ec.7e [ 173.647591][ T1446] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 173.650861][ T1446] usb 7-1: Product: syz [ 173.652562][ T1446] usb 7-1: Manufacturer: syz [ 173.654823][ T1446] usb 7-1: SerialNumber: syz [ 173.669345][ T1446] usb 7-1: config 0 descriptor?? [ 173.676679][ T1446] hub 7-1:0.0: bad descriptor, ignoring hub [ 173.679342][ T1446] hub 7-1:0.0: probe with driver hub failed with error -5 [ 173.686850][ T1446] input: syz syz as /devices/platform/dummy_hcd.2/usb7/7-1/7-1:0.0/input/input18 [ 174.445816][ T9012] dccp_check_seqno: Step 6 failed for CLOSEREQ packet, (LSWL(235069452945803) <= P.seqno(235069452945802) <= S.SWH(235069452945877)) and (P.ackno exists or LAWL(90500236738775) <= P.ackno(90500236738775) <= S.AWH(90500236738776), sending SYNC... [ 174.864776][ T9040] overlayfs: upperdir is in-use as upperdir/workdir of another mount, mount with '-o index=off' to override exclusive upperdir protection. [ 174.874962][ T9040] xt_socket: unknown flags 0x46 [ 175.000985][ T9044] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 175.026748][ T1446] usb 7-1: USB disconnect, device number 18 [ 175.669597][ T57] usb 6-1: new high-speed USB device number 11 using dummy_hcd [ 175.816514][ T57] usb 6-1: Using ep0 maxpacket: 8 [ 175.820735][ T57] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 175.824929][ T57] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 175.837485][ T57] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 176.102483][ T57] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 176.112785][ T57] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 176.119135][ T57] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 176.163766][ T9065] netlink: 4 bytes leftover after parsing attributes in process `syz.0.684'. [ 176.197329][ T9065] netlink: 4 bytes leftover after parsing attributes in process `syz.0.684'. [ 176.330475][ T57] usb 6-1: usb_control_msg returned -32 [ 176.332677][ T57] usbtmc 6-1:16.0: can't read capabilities [ 176.902045][ T5990] usb 6-1: USB disconnect, device number 11 [ 178.970926][ T9108] RDS: rds_bind could not find a transport for ::ffff:10.1.1.0, load rds_tcp or rds_rdma? [ 180.230311][ T5960] Bluetooth: hci1: unexpected event for opcode 0x0c0d [ 180.258145][ T9131] NILFS (loop0): device size too small [ 180.726237][ T9139] program syz.1.703 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 181.189376][ T9145] netlink: 8 bytes leftover after parsing attributes in process `syz.3.705'. [ 181.580425][ T9149] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 181.674926][ T9157] netlink: 4 bytes leftover after parsing attributes in process `syz.3.707'. [ 182.962142][ T9191] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable [ 183.272031][ T9205] program syz.3.716 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 183.436403][ T57] usb 5-1: new high-speed USB device number 6 using dummy_hcd [ 183.566760][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 183.597521][ T57] usb 5-1: Using ep0 maxpacket: 8 [ 183.601377][ T57] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 183.604201][ T57] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 183.607046][ T57] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 183.610978][ T57] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 183.614853][ T57] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 183.617425][ T57] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 183.826588][ T57] usb 5-1: usb_control_msg returned -32 [ 183.829075][ T57] usbtmc 5-1:16.0: can't read capabilities [ 183.899811][ T57] usb 5-1: USB disconnect, device number 6 [ 183.954936][ T9224] 9pnet: Unknown protocol version 9p2000. [ 184.624582][ T9239] netlink: 8 bytes leftover after parsing attributes in process `syz.0.725'. [ 184.635743][ T9239] netlink: 4 bytes leftover after parsing attributes in process `syz.0.725'. [ 184.639413][ T9239] netlink: 'syz.0.725': attribute type 13 has an invalid length. [ 184.646766][ T9239] netlink: 'syz.0.725': attribute type 12 has an invalid length. [ 184.857438][ T9255] netlink: 248 bytes leftover after parsing attributes in process `syz.3.728'. [ 184.957956][ T9260] netlink: 52 bytes leftover after parsing attributes in process `syz.3.730'. [ 184.968724][ T9260] 9pnet_fd: Insufficient options for proto=fd [ 185.074785][ T9270] trusted_key: syz.1.731 sent an empty control message without MSG_MORE. [ 185.188785][ T9266] netlink: 4 bytes leftover after parsing attributes in process `syz.1.731'. [ 185.556236][ T9291] program syz.0.735 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 185.803834][ T9295] netlink: 12 bytes leftover after parsing attributes in process `syz.3.737'. [ 186.198022][ T9302] netlink: 32 bytes leftover after parsing attributes in process `syz.2.740'. [ 186.770427][ T9318] No control pipe specified [ 187.298212][ T9328] [ 187.299242][ T9328] ============================= [ 187.301214][ T9328] [ BUG: Invalid wait context ] [ 187.303164][ T9328] 6.13.0-rc5-syzkaller-00163-gab75170520d4 #0 Not tainted [ 187.307109][ T9328] ----------------------------- [ 187.309894][ T9328] iou-wrk-9307/9328 is trying to lock: [ 187.312082][ T9328] ffff88801f731bd8 (&sighand->siglock){-.-.}-{3:3}, at: __lock_task_sighand+0xc2/0x340 [ 187.315916][ T9328] other info that might help us debug this: [ 187.318277][ T9328] context-{5:5} [ 187.319713][ T9328] 3 locks held by iou-wrk-9307/9328: [ 187.321690][ T9328] #0: ffff8880692ee928 (&acct->lock){+.+.}-{2:2}, at: io_worker_handle_work+0x9eb/0x1680 [ 187.325731][ T9328] #1: ffffffff8ddbad40 (rcu_read_lock){....}-{1:3}, at: bpf_trace_run2+0x1c2/0x590 [ 187.329681][ T9328] #2: ffffffff8ddbad40 (rcu_read_lock){....}-{1:3}, at: __lock_task_sighand+0x3f/0x340 [ 187.333666][ T9328] stack backtrace: [ 187.335265][ T9328] CPU: 3 UID: 0 PID: 9328 Comm: iou-wrk-9307 Not tainted 6.13.0-rc5-syzkaller-00163-gab75170520d4 #0 [ 187.339570][ T9328] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 187.343596][ T9328] Call Trace: [ 187.344841][ T9328] [ 187.345994][ T9328] dump_stack_lvl+0x116/0x1f0 [ 187.347932][ T9328] __lock_acquire+0x878/0x3c40 [ 187.349831][ T9328] ? __pfx___lock_acquire+0x10/0x10 [ 187.351845][ T9328] ? __pfx___lock_acquire+0x10/0x10 [ 187.353849][ T9328] lock_acquire.part.0+0x11b/0x380 [ 187.355860][ T9328] ? __lock_task_sighand+0xc2/0x340 [ 187.357963][ T9328] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 187.360314][ T9328] ? rcu_is_watching+0x12/0xc0 [ 187.362207][ T9328] ? trace_lock_acquire+0x14e/0x1f0 [ 187.364357][ T9328] ? trace_lock_acquire+0x14e/0x1f0 [ 187.366479][ T9328] ? __lock_task_sighand+0xc2/0x340 [ 187.368551][ T9328] ? lock_acquire+0x2f/0xb0 [ 187.370404][ T9328] ? __lock_task_sighand+0xc2/0x340 [ 187.372377][ T9328] _raw_spin_lock_irqsave+0x3a/0x60 [ 187.374427][ T9328] ? __lock_task_sighand+0xc2/0x340 [ 187.376438][ T9328] __lock_task_sighand+0xc2/0x340 [ 187.378288][ T9328] group_send_sig_info+0x290/0x300 [ 187.380203][ T9328] ? __pfx_group_send_sig_info+0x10/0x10 [ 187.382347][ T9328] ? __pfx___lock_acquire+0x10/0x10 [ 187.384414][ T9328] ? hlock_class+0x4e/0x130 [ 187.386251][ T9328] ? mark_lock+0xb5/0xc60 [ 187.388022][ T9328] bpf_send_signal_common+0x415/0x520 [ 187.390074][ T9328] ? __pfx_bpf_send_signal_common+0x10/0x10 [ 187.392336][ T9328] ? trace_lock_acquire+0x14e/0x1f0 [ 187.394453][ T9328] ? bpf_trace_run2+0x1c2/0x590 [ 187.396420][ T9328] bpf_send_signal+0x1d/0x30 [ 187.398171][ T9328] bpf_prog_631417f49dd64198+0x25/0x48 [ 187.400274][ T9328] bpf_trace_run2+0x231/0x590 [ 187.402022][ T9328] ? irqentry_exit+0x3b/0x90 [ 187.403688][ T9328] ? __pfx_bpf_trace_run2+0x10/0x10 [ 187.405699][ T9328] trace_contention_end.constprop.0+0xf0/0x170 [ 187.408055][ T9328] __pv_queued_spin_lock_slowpath+0x27e/0xc90 [ 187.410438][ T9328] ? __pfx___pv_queued_spin_lock_slowpath+0x10/0x10 [ 187.412910][ T9328] ? lock_acquire.part.0+0x11b/0x380 [ 187.414949][ T9328] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 187.417162][ T9328] do_raw_spin_lock+0x210/0x2c0 [ 187.419066][ T9328] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 187.421352][ T9328] ? lock_acquire+0x2f/0xb0 [ 187.423244][ T9328] ? io_worker_handle_work+0x9eb/0x1680 [ 187.425481][ T9328] io_worker_handle_work+0x9eb/0x1680 [ 187.427780][ T9328] io_wq_worker+0x33f/0xdf0 [ 187.429744][ T9328] ? __pfx_io_wq_worker+0x10/0x10 [ 187.431910][ T9328] ? ret_from_fork+0x23/0x80 [ 187.433883][ T9328] ? __pfx_lock_release+0x10/0x10 [ 187.436000][ T9328] ? do_raw_spin_lock+0x12d/0x2c0 [ 187.438041][ T9328] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 187.440262][ T9328] ? __pfx_io_wq_worker+0x10/0x10 [ 187.442314][ T9328] ret_from_fork+0x45/0x80 [ 187.444131][ T9328] ? __pfx_io_wq_worker+0x10/0x10 [ 187.446177][ T9328] ret_from_fork_asm+0x1a/0x30 [ 187.448190][ T9328] [ 187.732617][ T9372] netlink: 152 bytes leftover after parsing attributes in process `syz.1.747'. VM DIAGNOSIS: 20:49:42 Registers: info registers vcpu 0 CPU#0 RAX=0000000080010001 RBX=ffff88802b435be0 RCX=ffffffff81a80eec RDX=ffff888021b1a440 RSI=0000000000000000 RDI=0000000000000005 RBP=ffff88802b435be8 RSP=ffffc90000007f78 R8 =0000000000000005 R9 =0000000000000000 R10=0000000000000000 R11=ffffc90000007ff8 R12=0000000000000022 R13=0000000000000023 R14=0000000000000000 R15=0000000000000000 RIP=ffffffff81a80f90 RFL=00000046 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] FS =0000 0000000000000000 ffffffff 00c00000 GS =0063 ffff88802b400000 ffffffff 00d0f300 DPL=3 DS [-WA] LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000003000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00000000f7220360 CR3=0000000051784000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000052 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 1 CPU#1 RAX=0000000080000000 RBX=ffff88806f78bb80 RCX=ffffffff848d8082 RDX=ffff88802361c880 RSI=ffffffff848d8090 RDI=0000000000000007 RBP=00000000fffffff5 RSP=ffffc900226c7a78 R8 =0000000000000007 R9 =0000000000000000 R10=0000000000000000 R11=0000000000000000 R12=0000000000000000 R13=0000000000000000 R14=0000000000000000 R15=ffff88806f78bd50 RIP=ffffffff81994feb RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] FS =0000 0000000000000000 ffffffff 00c00000 GS =0063 ffff88802b500000 ffffffff 00d0f300 DPL=3 DS [-WA] LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe000004a000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=000000002f5fcffc CR3=0000000051784000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000052 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 2 CPU#2 RAX=0000000000000000 RBX=0000000000000003 RCX=1ffffffff203a35a RDX=ffff888022bbc880 RSI=ffffffff81484a34 RDI=ffffffff81484a21 RBP=ffff8880692ee910 RSP=ffffc9000d08fb28 R8 =0000000000000000 R9 =0000000000000000 R10=ffffffff901ce7d7 R11=0000000000000000 R12=0000000000000003 R13=0000000000000003 R14=ffff88802b63fc40 R15=ffffed100d25dd22 RIP=ffffffff81484a36 RFL=00000293 [--S-A-C] CPL=0 II=0 A20=1 SMM=0 HLT=1 ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] FS =0000 0000000000000000 ffffffff 00c00000 GS =0063 ffff88802b600000 ffffffff 00d0f300 DPL=3 DS [-WA] LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000091000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe000008f000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=000000002f31fffc CR3=000000006a970000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=00000000fcfeff00 Opmask01=000000000000007f Opmask02=00000000fffeff7f Opmask03=0000000000000000 Opmask04=00000000ffffffff Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 003d45444f4d5645 44003d524f4e494d ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fff12c0f7d0 0000003000000010 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 2a2a2a2a2a2a2a2a 2a2a2a2a2a2a2a2a ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000ffff000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000ff00000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000ffff000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffffffffffffff00 ffffffffffffff00 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 7dc7fcd627a75b37 646432434c801bd5 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 64646464646464f5 6464646464646454 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 722f766564752f62 696c2f7273752f00 534b4e494c564544 00454d414e564544 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 4f4a414d003d454d 414e564544003d58 45444e494649003d 4550595456454400 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 4f4a414d0018454d 414e564544001858 45444e4946490018 4550595456454400 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000201 0000000000000000 30706f6f6c2f6b63 6f6c622f6c617574 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000562700627375 0000000000000021 0000000000302e36 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 000056224ac20bb0 000056224ac1e230 000056224ac7f5c0 000056224ac14b20 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 000056224ac16650 000056224ac26740 000056224ac15750 000056224ac20f90 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0a0a0a0a0a0a0a0a 0a0a0a0a0a0a0a0a 0a0a0a0a0a0a0a0a 0a0a0a0a0a0a0a0a ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000562243c13f50 0000562228c1b770 0000000000000211 0000000000000053 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000053 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 3 CPU#3 RAX=000000000000005b RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8 RSI=ffffffff85143ef5 RDI=ffffffff9a667200 RBP=ffffffff9a6671c0 RSP=ffffc9000e7af170 R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=2d2d2d2d2d2d2d2d R12=0000000000000000 R13=000000000000005b R14=ffffffff85143e90 R15=0000000000000000 RIP=ffffffff85143f1f RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] FS =0000 0000000000000000 ffffffff 00c00000 GS =0063 ffff88802b700000 ffffffff 00d0f300 DPL=3 DS [-WA] LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe00000d8000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe00000d6000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00000000f7220360 CR3=000000006a970000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=00000000fefeff00 Opmask01=000000000000007f Opmask02=00000000fffeff7f Opmask03=2040000404420020 Opmask04=00000000ffffffff Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 003d45444f4d5645 44003d524f4e494d ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fff12c0f980 0000003000000010 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 2f2f2f2f2f2f2f2f 2f2f2f2f2f2f2f2f ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00000000ff000000 00ff000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00ff000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffffffffffffff00 ffffffffffffffff ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 6ad0ebc130b04c20 737325545b970cc2 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 73737373737373e2 7373737373737373 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 722f766564752f62 696c2f7273752f00 534b4e494c564544 00454d414e564544 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 4f4a414d003d454d 414e564544003d58 45444e494649003d 4550595456454400 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 4f4a414d0018454d 414e564544001858 45444e4946490018 4550595456454400 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00000000000000a5 00000000000000e6 00000000000000e1 000000302f716d00 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 000056224ade42b0 000056224ac22f48 0000000000000041 0000000000302e36 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f114ebf1f60 00007f114ebf1f60 00000000000005d1 0000003177617264 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 3a263b383a3a263a 383a3a26493b3a3a 26483b3a3a264b3b 3a0a00307f617930 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 692054524f50202c 2064696c61696d20 0070253a20252054 524f504d49005452 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 692020520050202c 2025204f504d4900 0061253a20252000 2527204d49005452 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000