last executing test programs: 5.339446128s ago: executing program 0 (id=1572): r0 = socket(0x2, 0x2, 0x1) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{}, 0x1}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/power/resume', 0x149a82, 0x0) write$cgroup_int(r4, 0x0, 0x0) dup(0xffffffffffffffff) r5 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r5, 0x84, 0x9, &(0x7f0000000140)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x3f8, 0x0, 0x32}, 0x9c) bind$inet6(r5, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, 0x0, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz0\x00', 0x1ff) r6 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r7 = memfd_create(&(0x7f0000000680)='\x103q}2\x9a\xce\xaf^\xd5\xfd\xa9\r\xac7A\x94\xa0\x00\x00\x00\x90+\xd6\x05\r\x84\x87\x1c\b\xdb\xe2\x00\x00A\x90m\xb6&\xd0\x9d\x00\x00\xc5\xb8,\f\xd4s\xb2\x99\x18\xc0\x9a\xf2O\xdb\x00\x00\x00\x00\x00\x00\r\x1b\xd3\xff<\x83z\x80\x8fQ|\xf5d\x10\x10\xd7\x01M\x7fML\x18\'\x1a<\xfee7{l\x16}\xa0I\x7f\xb5)l\xbb\x02\xfa\xb7\xb6\xa0]\xda8\xe0~\x1c \x91\t\x8b\xbd\x1f\xb3834d1i\x9b\x94\xa6\\\x0e\xe2\xfa\xe5!\xd3\xcf\xfc\xce\xba\xe2\x9f\x05xgL5\x14Y+\xb3\x1axi)<\xf7\x98\xc1\xba\xf4|\xe7|\xc4\xd7\x03\x00\x00\x00\x04D\x15E^7%8\x94y\x98\xf0l\xa0\'Q%\xd4\xda\xee\x81}\xcc\xfd\xa2\xe3M~x\x96\xe3]\xd70\xa2\x17\xca\xde\x1b\xaa\xe0l\xfc\x85\x8fc\x1c{|e\x8bs\xb0\x85E\xce;p)\xf8\xa6\xaa&QC4V\x81\x04\xcf\xd2\x81\xdc\xdf\xd7<\x9f\x93\x8bX\xd4\xea\xb2\xff\b\x92\xc7\x00\xef\xff\x00\x93\x1f\x92\xa7dcY\x9c\x9e9O-\xfcF\xbb\xbd{:IR\xea\xd8$\xe2\xa0\xc2\x8b\x1a\xead\xb8\xe1:6\x15M\x1f\xdak\x8c\x909\xd8\xb3\x02\xe0\x04\x9c\xc2\x06|\xf0\x0f\xa6Y&r\x9b\xc7\x1d\xe7jDf\x87@\x8fg\tRJwe\xe2\xdcunu\xff`\xa40\xce\xffB%\xe4k\xff\x8d\x06\x0e\x89\xd99C\x9fF\x9c[M=\xa0^\xa8\xed)\xe8Z\xe8\x9b&\x87\x04\xa4\t\xaa\xd8\xd6\xd5pG\xcb\xc4\x8b\xf7\xb8#\xc9\xd8|\xa5\xa6S\x8b\x8cv\xb7)\x02k\xf3L\x03\xbb\xfa\xe1\\\xf1\x8cUj\xd5\xa5\x88GL\xe7_\xfd\x17C=G\x0f\xe9u\x1d\xfeg\xfex\xcd\xaa\xad\x906\xd0sy\xc6T\x93\xae\xd5r\xc8G\xc5\xfdS\xff\x04:`\x1e\xe3;l\xcd&\xd4\xf4\x8eum\x04\x00~\xfa\x05\xd7\xe7X\xc7/\xae5\x93wwT\x13\xbd,\xd6\x16\x84\xcd\xd1\xd8\xe1P_\xbf0\xd8\x8d%Yh\xb5\xb4\"\xf5\x93\xdeh\xce\xa5\xe8\xc8ZmH\x98\xaeb\xa5B5)\x80m\xff\xec\x88\x89\xf07{\x95\xc9\xd0\xee\xe1\x1d\x80\xcc]-\xc2\xa1\x02ELhI\xd9\xf5\xcfk\x8a&i\xc1\xff9T\x8e\xe2rY\xa3\xd2H9\xfe\x0e\x1e\xac\x0f\xc3\xbd{\xd9\xcc\xbe\xa9\x93\xe0\xa4W\x1cn>\xc1\xf1\x9e\"\x93\x19\x19\x1a\xcc\x7fy\xd2~\x05\x99\xe6\x00o\xca\xe0\xc6\xd4\xf5\xa0\xc8P\xd6\x05\xf3\xc6~E\xacI\xd4\xe9\xa1|>\x91.K\x81\xa9+\xcf\xff\xcb\xfa\x0f\xe7n\x83H\x12\xac\x80\x16\xf8\x87Q\x97Az\n`\xb6\xe13A\xec\x8d(\\D\xec\xa6\t1\xa0h\xfc\x1f\xdd1@-4\xb4:\xf8\xd5wP \x84m\xe2\xd9\xfcb\xa0\xc3\xc9\xe7W\x86\xd7$\xa4ml\xee\x97[\xb7\xfa\x19\x06U)j!\x91\'\x98\xd2kFN\xfa\x80)O\xb9(!n\x9d\x13\x15\xf1\x1a\xb8y\x14l\xd1', 0x7) ioctl$FS_IOC_RESVSP(r7, 0x402c5828, &(0x7f00000000c0)={0x0, 0x0, 0x1, 0x762}) madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa) syz_clone3(&(0x7f00000003c0)={0x385200080, 0x0, 0x0, 0x0, {0x20000000}, 0x0, 0x0, 0x0, 0x0, 0x0, {r6}}, 0x58) bind$unix(r0, &(0x7f0000000000)=@abs, 0x6e) 4.534504042s ago: executing program 3 (id=1574): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x20040, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) r2 = socket$isdn(0x22, 0x2, 0x24) io_uring_register$IORING_REGISTER_PBUF_RING(0xffffffffffffffff, 0x1f, &(0x7f00000004c0)={&(0x7f0000001000)}, 0x1) r3 = socket$isdn(0x22, 0x2, 0x22) dup3(r2, r3, 0x0) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) r4 = socket(0x2, 0x80805, 0x0) sendmmsg$inet(r4, &(0x7f00000017c0)=[{{&(0x7f0000000000)={0x2, 0x4e24, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, &(0x7f00000000c0)=[{&(0x7f0000000180)}], 0x1}}, {{&(0x7f00000002c0)={0x2, 0x0, @private=0xa010102}, 0x10, &(0x7f00000001c0)=[{&(0x7f0000000240)="0053acae91e65391e9b7d8139b93907582f63ba21da234f551284ed2af259a4a34", 0x21}], 0x1}}], 0x2, 0x0) r5 = socket$inet(0x2, 0x80001, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r5, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000040)=0x8) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r4, 0x84, 0x72, &(0x7f00000003c0)={r6, 0x0, 0x20}, 0xc) r7 = socket$nl_generic(0x10, 0x3, 0x10) r8 = syz_genetlink_get_family_id$tipc2(0x0, r7) sendmsg$TIPC_NL_MEDIA_GET(r7, &(0x7f00000003c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000400)={0x94, r8, 0x2, 0x70bdac, 0x25dfdbfc, {}, [@TIPC_NLA_LINK={0x10, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz0\x00'}]}, @TIPC_NLA_NODE={0x70, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0xfbb}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_KEY={0x4c, 0x4, {'gcm(aes)\x00', 0x24, "2f91755c5b922efe43f00e91f80bdc237d82991bb5f2911d739bff8235bd1a0e3d32e625"}}, @TIPC_NLA_NODE_UP={0x4}]}]}, 0x94}, 0x1, 0x0, 0x0, 0x20000804}, 0x4800) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB], 0x50) r9 = bpf$PROG_LOAD(0x5, 0x0, 0xffffffffffffff3d) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r9}, 0x10) fadvise64(r9, 0x3, 0xb1, 0x0) r10 = socket(0x10, 0x2, 0x0) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r10, 0x89f1, &(0x7f0000000180)={'ip6_vti0\x00', &(0x7f0000000000)={'syztnl1\x00', 0x0, 0x0, 0xb, 0x0, 0x0, 0x0, @remote, @empty, 0x7800, 0x80, 0xfffffffc, 0xdc67}}) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x40, 0x7ffc1ffb}]}) bpf$MAP_CREATE(0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB], 0x48) r11 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0x3, &(0x7f0000000740)=@framed, &(0x7f00000003c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) open(&(0x7f0000000380)='./file0\x00', 0x125102, 0x1) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000000)='sys_enter\x00', r11, 0x0, 0x3}, 0x18) rt_sigsuspend(0x0, 0x0) fchdir(r9) socket$inet6_tcp(0xa, 0x1, 0x0) 4.444910078s ago: executing program 3 (id=1576): bind$alg(0xffffffffffffffff, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) r0 = openat$nmem0(0xffffff9c, &(0x7f0000000000), 0x4080, 0x0) sendmsg$kcm(r0, &(0x7f0000000240)={&(0x7f0000000040)=@pptp={0x18, 0x2, {0x0, @private=0xa010101}}, 0x80, &(0x7f0000000180)=[{&(0x7f00000000c0)="679138bdf26f48cf14205b1b12e088d258ca21a5e9427bc660376fb4e8e94269d2e279a2f1ecff7ed90ddd877ba9c30c3e7973764f4f34ce3c537a32154a8b79da7027e4cb44514623b59efdd3d8095551e8d61778b1e3a37e08327a93578dc6e2b83eb04ac6f652", 0x68}, {&(0x7f00000003c0)="48a21cc71ded3d5c48a4b630468707c2bcf2b86428d5881816208ef31e414a1848d181e0c52be28a40f5acfdade83ce989da1e733e828bb5f969b87eefd86bde8816b17016dd60305a736bb939a3fd82c01f1f5c60f841dd7e8187bdd07c33d309070ce1f15c45821d21ac2c316dd6148153bebac8dfe54156611f6509f0caa903fda662b74a940050a34a51c5", 0x8d}, {&(0x7f0000000500)="2d92bee34523ab2e72b1ab19d6852f9dbddc6a19cee59d46b1d099a0a1e4b4176ccba3d16f0238666879427594e8900bb12f5990d13a589774895cf5e9f0a3c288f1894f2f20d07a891afb72f62d8ce42a5289d812353c3acdcb7f4f16c9a5eb3d20b6701b3d4f0bf739b8a0d6e581e4eddbb80289b365eb2fe5cd01c2dd28964a89edc629e8ceda050c15a379edbd1d0e4111496abc545641b606f59655734ebf812fb1a5436ff069cfe646b6d5d63270d22bd2180f128d102fe2efbb91ade92cc2272e63bb4a9a445ce8d4d4a5783ed50e42e46064aade50e1e88f87530700f1e1b0ebd7d91d9b429381", 0xeb}, {&(0x7f0000000140)='*\n', 0x2}, {&(0x7f0000000600)="c502d5cd82d64efa124ee6cb1b1a5efcc156b3d9bbe20bb5e566dbaf821f48c4c2b456d7f9d74ca511a1a5460c08416bae0caf5683e7433a5921e8786d2091f99aed1b24603d2cd8476a498d0a06c327bbc80c6e4f4b0ba6740163a3d46a5165b3c2f0c3b35704a4b598b27bf65c70dbf140a36efa2d3d144e633624c0fe1da989c9e55ef4f53ab57e010e5435ccd71d21d56c2d08", 0x95}, {&(0x7f00000006c0)="4cdacfbbaf11f34cf905a25b44295540e4dfcc67ef3359cd8a23dbe4392185074c194cf37021988a84038d1a86691bb28ac5be0751c5c860f2b5d14dc3d8d625350b391ef68b4889451ba118923efb8d2f5bdc6734308e736bb9e97cc1ffdfd407d0d16b50d272c17616ba635d91ee902f5fd8ebb3e5f055d3488d8bc6ec8fcde9ebbac55332cccf129fb7e3342e4ec4ee88645e70a23fa424bbf633557a5e0a768dd4784f1415235d0b523274a5936f6bc7f7fcf9c1df4bc27ad25d7ac25c91e23735f39007ad25de055d0dbff2965c6c8dc94fd1672835aad76e1f3664031d7a3bc74f", 0xe4}], 0x6, &(0x7f0000000880)=[{0x24, 0x1, 0x7fff, "4e918ca2ef188c024cc76e37af4967911a05652667ef5c2d"}, {0xa8, 0x1, 0xa, "427c19d61de55f25c737116bb09241bc31dfc06016b205a1d51e15be373091d808a5c1539911c021bc896f46a3f52c7ecae9a51abd7da8a5d8e71333cf697f780fb32dea7b1e9f539e061d18fa767541d7de280e3fbe7705d56b5c43202bd1012466ba86aacd2c77354704360a5c8510c26ee35b1a9bf6cf7f897a98a3f1165afa32ceea5128901722999400a2337ee423058865d4843663ed91"}, {0x18, 0x102, 0xffff2f09, "0b6ef101cedc57a44d98"}, {0xfc, 0x0, 0x9, "046f7c91de18f0caa87bc3483d4c6e192bebea00af67f7820a15be2081d3587a3d7597592d61d162041fff9eab856f22863cdc34b06289f4477e1a93f59b21c88ce130fccb7c4fad38af1331e053fc95074e056cdd8974e903db60ea8d620d031dad71832e5a43f019f038553a7f364e3a62d28b1f488e4b75a0bd98c37c6fcd499f9f55d2229a998cf2b3b7cfe3e15ccc721556892ea573e0377dd384082dcf43ccfbb90d4761447e51eeb750b442c35c8527f4d40d14e8de01fa050c87d024e602783f311ef3721b048ac2998f2f39a09f16d3e67c8f231d477d75fc34d3c1f250ddee0526d4640b6abd6235e5a7"}, {0xa4, 0x29, 0x5, "566ae35aa5e7be322becdb230e42c396a65a9a8d5783dabe160f337413463e8f960327a6adeeadbd50a6e03404e2558c80a39399d1e86e9d9b80e98ca20665d170e7f69ba5474e6e48b6ae912b24e68529b64f8786a3cfee6ae68d098a6fe60aa43cdc80b1bb25cbb126738c13ee78077e162739c634d38dc7844f6d4e250aced02351a4cb0bd83d53efd4d7e7b6c6fbbf074eb2c9e19634"}, {0x24, 0x115, 0x4, "314913857c9f488ceb736e8eca3b1849e983164ae901228c"}], 0x2a8}, 0x20000000) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) setsockopt$inet_sctp6_SCTP_RECVNXTINFO(0xffffffffffffffff, 0x84, 0x21, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = dup(0xffffffffffffffff) write$6lowpan_enable(r2, &(0x7f0000000000)='0', 0xfffffd2c) syz_io_uring_setup(0x239, &(0x7f0000000740)={0x0, 0x1c2a, 0x10100, 0x0, 0x1000000}, &(0x7f0000000180)=0x0, &(0x7f00000001c0)=0x0) syz_io_uring_submit(r3, r4, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd, 0x0, 0x0, 0x0, {}, 0x1}) r5 = syz_open_procfs(0x0, &(0x7f0000000300)='task\x00') getdents(r5, 0xffffffffffffffff, 0x5a) chdir(&(0x7f00000001c0)='./file0\x00') bind$tipc(0xffffffffffffffff, &(0x7f0000000140)=@name={0x1e, 0x2, 0x0, {{0x42}}}, 0x10) 4.404175155s ago: executing program 3 (id=1577): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f00000000c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41100, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x5}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x0, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, 0x0) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mlock(&(0x7f0000fff000/0x1000)=nil, 0x1000) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) r2 = socket$nl_route(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_NO_ENOBUFS(r2, 0x10e, 0xc, &(0x7f0000000040)=0x7f, 0x4) sendmsg$nl_route(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000440)=ANY=[@ANYBLOB="240000001a000100000000000000000002002000", @ANYRES32=0x0, @ANYRESOCT=r0], 0x24}}, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e24}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000100)=0x2) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000400)='./file0\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000080)='sysfs\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0xc) mkdir(&(0x7f00000003c0)='./file0\x00', 0x21) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000080)='sysfs\x00', 0x1214040, 0x0) mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f0000000300)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f}) r5 = fspick(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1) fsconfig$FSCONFIG_SET_STRING(r5, 0x1, &(0x7f00000000c0)='lowerdir', &(0x7f0000000100)='{\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) chdir(&(0x7f0000000140)='./bus\x00') r6 = syz_open_dev$ptys(0xc, 0x3, 0x1) syz_open_pts(r6, 0xa0000) rename(&(0x7f0000000400)='./bus\x00', &(0x7f0000000f00)='./file0\x00') 4.367623779s ago: executing program 0 (id=1579): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r1, &(0x7f0000000080)={0xa, 0x2, 0x200, @loopback, 0x7}, 0x1c) setsockopt$inet6_tcp_int(r1, 0x6, 0x2000000000000022, 0x0, 0x0) sendto$inet6(r1, &(0x7f0000000280)='2x', 0x2, 0x20000045, &(0x7f00000001c0)={0xa, 0x2, 0xffff, @loopback, 0x3}, 0x1c) setsockopt$inet6_buf(r1, 0x29, 0x38, &(0x7f00000008c0)="0bf6", 0x2) syz_usb_control_io$hid(0xffffffffffffffff, 0x0, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) rseq(&(0x7f0000000100)={0x0, 0x0, 0x0, 0x5}, 0x20, 0x0, 0x0) fsmount(0xffffffffffffffff, 0x0, 0x104) clock_settime(0x0, 0x0) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x1000002, 0x31, 0xffffffffffffffff, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r2 = syz_open_dev$MSR(&(0x7f00000007c0), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) r3 = openat$sndtimer(0xffffffffffffff9c, &(0x7f00000000c0), 0x0) r4 = gettid() openat$snapshot(0xffffff9c, &(0x7f0000000000), 0x10080, 0x0) timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r4}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) read(r3, &(0x7f00000003c0)=""/4096, 0x1000) sendmsg$nl_route_sched(r0, &(0x7f00000037c0)={0x0, 0x0, &(0x7f0000003780)={&(0x7f0000001840)=@newtaction={0x894, 0x30, 0x12f, 0x0, 0x0, {}, [{0x880, 0x1, [@m_police={0x87c, 0x1, 0x0, 0x0, {{0xb}, {0x850, 0x2, 0x0, 0x1, [[@TCA_POLICE_TBF={0x3c, 0x1, {0x0, 0x0, 0x0, 0x0, 0x0, {0x7, 0x0, 0x0, 0x0, 0x0, 0x7}, {0x7, 0x0, 0x2, 0x0, 0x0, 0x7}}}], [@TCA_POLICE_PEAKRATE={0x404, 0x3, [0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x80000000, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x3, 0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0xb, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffff35, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x101, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x3, 0x0, 0x1]}], [@TCA_POLICE_AVRATE={0x8, 0x4, 0x8}, @TCA_POLICE_RATE={0x404, 0x2, [0x7, 0x6, 0xffffffff, 0x7f, 0x401, 0x2, 0x0, 0x2, 0x80000000, 0x4, 0x5, 0x8, 0x0, 0x7fff, 0x75ba, 0x7fffffff, 0x5, 0xffffffff, 0x7ff, 0x2, 0x9, 0x2, 0x0, 0x1000, 0x1, 0x3, 0x6, 0x0, 0xfa, 0x4, 0x0, 0xf, 0x80000001, 0x7, 0xfffffffb, 0x1, 0x20, 0x5, 0x8, 0x1, 0x2f2, 0x7fff, 0x0, 0x81, 0x206, 0x1ff, 0x7, 0x3, 0x5, 0x3, 0x9, 0x1000, 0x401, 0x1, 0x6, 0x7, 0x2, 0x4, 0x7f, 0x5, 0xfffffffb, 0x1, 0x4, 0x5, 0x8, 0x2000009, 0x9, 0x10, 0x9, 0x7, 0xffffff00, 0x97, 0x0, 0x4, 0x8, 0x8, 0x1, 0x958, 0x1fe, 0x4, 0x6, 0x7, 0x80, 0x5, 0xe53, 0x0, 0xfffffffe, 0x4, 0x8, 0x9, 0x7fff, 0x30, 0x8, 0xfffffff7, 0x4, 0x9, 0x1, 0x4, 0x7, 0x9, 0x5, 0x7, 0x6, 0x0, 0x5, 0x2, 0x7, 0x3, 0xcdd, 0x2, 0xd67, 0x7, 0x4, 0x25, 0x9dc5, 0x7, 0xfffffff7, 0x2, 0x400, 0x8, 0x0, 0x7, 0x5, 0x9, 0xa, 0xa, 0x9, 0x5, 0xdb5, 0x101, 0x4, 0x74e4, 0x7fff, 0x7, 0x7ff, 0x1, 0xd70, 0x1, 0x8, 0xa, 0x7, 0x1, 0x82, 0x52e, 0x7, 0x1, 0x5, 0x26, 0x1, 0x1b2a, 0x81, 0x9, 0x1c, 0x767, 0x7, 0x9, 0x10, 0xc2a, 0xff, 0x7, 0x6, 0x7, 0x3, 0xfffffff4, 0x8, 0x3, 0xfff, 0x8, 0x5, 0x5, 0x6, 0x3, 0xd7c3, 0x2, 0x10000, 0x7fff, 0x5, 0x5, 0x0, 0xfffffff7, 0x7, 0x2, 0x0, 0x6ee1847d, 0x10001, 0x7ff, 0x1, 0xf0, 0x7, 0x2, 0x7, 0x4, 0x6, 0x4, 0x7, 0x2, 0x0, 0x1, 0x4, 0x3, 0xfff, 0x80000001, 0x7, 0x676, 0x3, 0x9, 0x2, 0x4, 0x7fff, 0x4a5, 0x23, 0x4, 0x9, 0x8, 0x0, 0x8000, 0xa, 0x9, 0xca000000, 0x2, 0xfffffffa, 0x3, 0x7, 0x9, 0x7, 0x65fe, 0x9, 0x6, 0x4, 0x80000000, 0x5, 0x801, 0xb848, 0x6, 0x6, 0x800, 0x7, 0x1, 0xb, 0x80, 0x2, 0x3, 0x6, 0x9, 0x4, 0x4, 0xc, 0x80000001, 0x5, 0x5, 0x10000000, 0xb, 0x7, 0x5, 0x2, 0x4]}]]}, {0x4}, {0xc, 0xb}, {0xc, 0xa}}}]}]}, 0x894}}, 0x0) rseq(&(0x7f0000000200)={0x0, 0x0, &(0x7f0000000040)={0x0, 0x2, 0x0, 0xe, 0x8000}, 0x2}, 0x20, 0x0, 0x0) 3.46009874s ago: executing program 3 (id=1592): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f00000000c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41100, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x5}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x0, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mlock(&(0x7f0000fff000/0x1000)=nil, 0x1000) r2 = socket$nl_route(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_NO_ENOBUFS(r2, 0x10e, 0xc, &(0x7f0000000040)=0x7f, 0x4) sendmsg$nl_route(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000440)=ANY=[@ANYBLOB="240000001a000100000000000000000002002000", @ANYRES32=0x0, @ANYRESOCT=r0], 0x24}}, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e24}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000100)=0x2) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000400)='./file0\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000080)='sysfs\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0xc) mkdir(&(0x7f00000003c0)='./file0\x00', 0x21) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000080)='sysfs\x00', 0x1214040, 0x0) mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f0000000300)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f}) r5 = fspick(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1) fsconfig$FSCONFIG_SET_STRING(r5, 0x1, &(0x7f00000000c0)='lowerdir', &(0x7f0000000100)='{\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) chdir(&(0x7f0000000140)='./bus\x00') r6 = syz_open_dev$ptys(0xc, 0x3, 0x1) syz_open_pts(r6, 0xa0000) rename(&(0x7f0000000400)='./bus\x00', &(0x7f0000000f00)='./file0\x00') 2.861456341s ago: executing program 0 (id=1595): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) ioctl$sock_SIOCSIFVLAN_ADD_VLAN_CMD(r1, 0x8983, &(0x7f00000001c0)={0x0, 'vlan0\x00', {0x1}, 0x8}) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x8040) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0) syz_open_dev$dri(0x0, 0xd21, 0x4000) syz_fuse_handle_req(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_open_dev$usbmon(0x0, 0x0, 0x0) r2 = epoll_create(0x3) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, 0xffffffffffffffff, &(0x7f0000000080)={0x40000002}) write$P9_RSTATu(0xffffffffffffffff, &(0x7f0000000580)=ANY=[], 0x21e) syz_open_dev$vbi(0x0, 0x0, 0x2) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000080)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) sysfs$1(0x1, &(0x7f0000000000)='ocfs2\x00') openat$sequencer(0xffffff9c, &(0x7f0000001bc0), 0x88302, 0x0) ioctl$BLKTRACESTART(0xffffffffffffffff, 0x1274, 0x0) syz_genetlink_get_family_id$l2tp(&(0x7f0000000040), 0xffffffffffffffff) gettid() r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB="18000000240001030000000000000000010000000400ae"], 0x18}, 0x1, 0x0, 0x0, 0x8001}, 0x4000) recvmmsg(r3, &(0x7f0000002c00)=[{{0x0, 0x0, 0x0}, 0x200001}, {{0x0, 0x0, 0x0}, 0x40}, {{0x0, 0x0, 0x0}, 0x409}, {{0x0, 0x0, &(0x7f0000000600)=[{&(0x7f0000000540)=""/130, 0x82}, {&(0x7f0000001a00)=""/4109, 0x100d}, {&(0x7f0000006080)=""/4085, 0xff5}, {&(0x7f0000000340)=""/113, 0x71}, {0x0}, {&(0x7f0000000100)=""/98, 0x62}, {&(0x7f00000003c0)=""/100, 0x64}, {&(0x7f00000006c0)=""/200, 0xc8}, {&(0x7f0000000440)=""/67, 0x43}], 0x9}, 0x4db}, {{0x0, 0x0, 0x0}, 0x8}], 0x5, 0x0, 0x0) r4 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/partitions\x00', 0x0, 0x0) r5 = openat$sysctl(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/sys/vm/drop_caches\x00', 0x1, 0x0) r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r6, 0x0, 0xe, 0x0, &(0x7f0000000100)="e0b9547ed387dbe9abc89b6f5bec", 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) timer_create(0x2, 0x0, 0x0) sendfile(r5, r4, &(0x7f0000002080)=0x64, 0x21c) 2.506294667s ago: executing program 1 (id=1600): bind$alg(0xffffffffffffffff, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) r0 = openat$nmem0(0xffffff9c, &(0x7f0000000000), 0x4080, 0x0) sendmsg$kcm(r0, &(0x7f0000000240)={&(0x7f0000000040)=@pptp={0x18, 0x2, {0x0, @private=0xa010101}}, 0x80, &(0x7f0000000180)=[{&(0x7f00000000c0)="679138bdf26f48cf14205b1b12e088d258ca21a5e9427bc660376fb4e8e94269d2e279a2f1ecff7ed90ddd877ba9c30c3e7973764f4f34ce3c537a32154a8b79da7027e4cb44514623b59efdd3d8095551e8d61778b1e3a37e08327a93578dc6e2b83eb04ac6f652", 0x68}, {&(0x7f00000003c0)="48a21cc71ded3d5c48a4b630468707c2bcf2b86428d5881816208ef31e414a1848d181e0c52be28a40f5acfdade83ce989da1e733e828bb5f969b87eefd86bde8816b17016dd60305a736bb939a3fd82c01f1f5c60f841dd7e8187bdd07c33d309070ce1f15c45821d21ac2c316dd6148153bebac8dfe54156611f6509f0caa903fda662b74a940050a34a51c5", 0x8d}, {&(0x7f0000000500)="2d92bee34523ab2e72b1ab19d6852f9dbddc6a19cee59d46b1d099a0a1e4b4176ccba3d16f0238666879427594e8900bb12f5990d13a589774895cf5e9f0a3c288f1894f2f20d07a891afb72f62d8ce42a5289d812353c3acdcb7f4f16c9a5eb3d20b6701b3d4f0bf739b8a0d6e581e4eddbb80289b365eb2fe5cd01c2dd28964a89edc629e8ceda050c15a379edbd1d0e4111496abc545641b606f59655734ebf812fb1a5436ff069cfe646b6d5d63270d22bd2180f128d102fe2efbb91ade92cc2272e63bb4a9a445ce8d4d4a5783ed50e42e46064aade50e1e88f87530700f1e1b0ebd7d91d9b429381", 0xeb}, {&(0x7f0000000140)='*\n', 0x2}, {&(0x7f0000000600)="c502d5cd82d64efa124ee6cb1b1a5efcc156b3d9bbe20bb5e566dbaf821f48c4c2b456d7f9d74ca511a1a5460c08416bae0caf5683e7433a5921e8786d2091f99aed1b24603d2cd8476a498d0a06c327bbc80c6e4f4b0ba6740163a3d46a5165b3c2f0c3b35704a4b598b27bf65c70dbf140a36efa2d3d144e633624c0fe1da989c9e55ef4f53ab57e010e5435ccd71d21d56c2d08", 0x95}, {&(0x7f00000006c0)="4cdacfbbaf11f34cf905a25b44295540e4dfcc67ef3359cd8a23dbe4392185074c194cf37021988a84038d1a86691bb28ac5be0751c5c860f2b5d14dc3d8d625350b391ef68b4889451ba118923efb8d2f5bdc6734308e736bb9e97cc1ffdfd407d0d16b50d272c17616ba635d91ee902f5fd8ebb3e5f055d3488d8bc6ec8fcde9ebbac55332cccf129fb7e3342e4ec4ee88645e70a23fa424bbf633557a5e0a768dd4784f1415235d0b523274a5936f6bc7f7fcf9c1df4bc27ad25d7ac25c91e23735f39007ad25de055d0dbff2965c6c8dc94fd1672835aad76e1f3664031d7a3bc74f", 0xe4}], 0x6, &(0x7f0000000880)=[{0x24, 0x1, 0x7fff, "4e918ca2ef188c024cc76e37af4967911a05652667ef5c2d"}, {0xa8, 0x1, 0xa, "427c19d61de55f25c737116bb09241bc31dfc06016b205a1d51e15be373091d808a5c1539911c021bc896f46a3f52c7ecae9a51abd7da8a5d8e71333cf697f780fb32dea7b1e9f539e061d18fa767541d7de280e3fbe7705d56b5c43202bd1012466ba86aacd2c77354704360a5c8510c26ee35b1a9bf6cf7f897a98a3f1165afa32ceea5128901722999400a2337ee423058865d4843663ed91"}, {0x18, 0x102, 0xffff2f09, "0b6ef101cedc57a44d98"}, {0xfc, 0x0, 0x9, "046f7c91de18f0caa87bc3483d4c6e192bebea00af67f7820a15be2081d3587a3d7597592d61d162041fff9eab856f22863cdc34b06289f4477e1a93f59b21c88ce130fccb7c4fad38af1331e053fc95074e056cdd8974e903db60ea8d620d031dad71832e5a43f019f038553a7f364e3a62d28b1f488e4b75a0bd98c37c6fcd499f9f55d2229a998cf2b3b7cfe3e15ccc721556892ea573e0377dd384082dcf43ccfbb90d4761447e51eeb750b442c35c8527f4d40d14e8de01fa050c87d024e602783f311ef3721b048ac2998f2f39a09f16d3e67c8f231d477d75fc34d3c1f250ddee0526d4640b6abd6235e5a7"}, {0xa4, 0x29, 0x5, "566ae35aa5e7be322becdb230e42c396a65a9a8d5783dabe160f337413463e8f960327a6adeeadbd50a6e03404e2558c80a39399d1e86e9d9b80e98ca20665d170e7f69ba5474e6e48b6ae912b24e68529b64f8786a3cfee6ae68d098a6fe60aa43cdc80b1bb25cbb126738c13ee78077e162739c634d38dc7844f6d4e250aced02351a4cb0bd83d53efd4d7e7b6c6fbbf074eb2c9e19634"}, {0x30, 0x115, 0x4, "314913857c9f488ceb736e8eca3b1849e983164ae901228c5ccfbf4d02199c67acef8146"}], 0x2b4}, 0x20000000) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) setsockopt$inet_sctp6_SCTP_RECVNXTINFO(0xffffffffffffffff, 0x84, 0x21, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = dup(0xffffffffffffffff) write$6lowpan_enable(r2, &(0x7f0000000000)='0', 0xfffffd2c) syz_io_uring_setup(0x239, &(0x7f0000000740)={0x0, 0x1c2a, 0x10100, 0x0, 0x1000000}, &(0x7f0000000180)=0x0, &(0x7f00000001c0)=0x0) syz_io_uring_submit(r3, r4, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd, 0x0, 0x0, 0x0, {}, 0x1}) r5 = syz_open_procfs(0x0, &(0x7f0000000300)='task\x00') getdents(r5, 0xffffffffffffffff, 0x5a) chdir(&(0x7f00000001c0)='./file0\x00') bind$tipc(0xffffffffffffffff, &(0x7f0000000140)=@name={0x1e, 0x2, 0x0, {{0x42}}}, 0x10) 2.505284934s ago: executing program 1 (id=1601): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f00000000c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41100, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x5}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x0, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, 0x0) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mlock(&(0x7f0000fff000/0x1000)=nil, 0x1000) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) r2 = socket$nl_route(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_NO_ENOBUFS(r2, 0x10e, 0xc, &(0x7f0000000040)=0x7f, 0x4) sendmsg$nl_route(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000440)=ANY=[@ANYBLOB="240000001a000100000000000000000002002000", @ANYRES32=0x0, @ANYRESOCT=r0], 0x24}}, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e24}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000100)=0x2) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000400)='./file0\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000080)='sysfs\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0xc) mkdir(&(0x7f00000003c0)='./file0\x00', 0x21) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000080)='sysfs\x00', 0x1214040, 0x0) mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f0000000300)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f}) r5 = fspick(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1) fsconfig$FSCONFIG_SET_STRING(r5, 0x1, &(0x7f00000000c0)='lowerdir', &(0x7f0000000100)='{\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) chdir(&(0x7f0000000140)='./bus\x00') r6 = syz_open_dev$ptys(0xc, 0x3, 0x1) syz_open_pts(r6, 0xa0000) rename(&(0x7f0000000400)='./bus\x00', &(0x7f0000000f00)='./file0\x00') 2.417084175s ago: executing program 2 (id=1603): sendmsg$BATADV_CMD_GET_MCAST_FLAGS(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000440)={0x3c, 0x0, 0xb01, 0x50bd2a, 0x25dfdbff, {}, [@BATADV_ATTR_MULTICAST_FORCEFLOOD_ENABLED={0x5}, @BATADV_ATTR_ORIG_INTERVAL={0x8, 0x39, 0xfff}, @BATADV_ATTR_TPMETER_TEST_TIME={0x8, 0xb, 0xa87800b}, @BATADV_ATTR_MULTICAST_FANOUT={0x8, 0x3c, 0xffffff28}, @BATADV_ATTR_ISOLATION_MASK={0x8}]}, 0x3c}}, 0x0) r0 = mq_open(&(0x7f00000000c0)='${$\x00', 0x840, 0x0, 0x0) r1 = syz_io_uring_setup(0x9e, &(0x7f0000000700)={0x0, 0x3ca9, 0x10, 0x0, 0x10002da}, &(0x7f0000000280)=0x0, &(0x7f00000001c0)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) kcmp(0x0, 0x0, 0x2, 0xffffffffffffffff, 0xffffffffffffffff) syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd=r0, 0x6, &(0x7f0000000380), 0x0, 0x4}) r4 = openat$ipvs(0xffffff9c, &(0x7f0000000140)='/proc/sys/net/ipv4/vs/schedule_icmp\x00', 0x2, 0x0) r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0) ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2}) r6 = socket(0x400000000010, 0x3, 0x0) socket$unix(0x1, 0x1, 0x0) sendmsg$nl_route_sched(r6, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x24, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, 0x0, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0x2}}}, 0x24}}, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) sendmsg$nl_route_sched(r6, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=@newtfilter={0x8c, 0x2c, 0xd27, 0x30bd26, 0x25dfdc00, {0x0, 0x0, 0x0, 0x0, {0x0, 0xd}, {}, {0x3}}, [@filter_kind_options=@f_matchall={{0xd}, {0x50, 0x2, [@TCA_MATCHALL_ACT={0x4c, 0x2, [@m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x40, 0x6, 0x20000000, 0xea, 0x100004}}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x2, 0x3}}}}]}]}}, @TCA_RATE={0x6, 0x5, {0x2}}]}, 0x8c}, 0x1, 0x2000000, 0x0, 0x10}, 0x20000000) ioctl$USBDEVFS_IOCTL(r4, 0xc00c5512, &(0x7f0000000240)=@usbdevfs_disconnect={0x7}) io_uring_enter(r1, 0x847ba, 0x0, 0xe, 0x0, 0x0) r7 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r7, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)={0x18, 0x2d, 0x9, 0x70bd27, 0x4000000, {0x4}, [@typed={0x4, 0x1d}]}, 0x18}, 0x1, 0x0, 0x0, 0x42804}, 0x84) 2.384930582s ago: executing program 3 (id=1604): setsockopt$packet_tx_ring(0xffffffffffffffff, 0x107, 0xd, &(0x7f0000000100)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) connect$bt_l2cap(0xffffffffffffffff, &(0x7f0000000040)={0x1f, 0x21, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}}, 0xe) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) socket(0x840000000002, 0x3, 0xff) r1 = syz_open_procfs(0x0, &(0x7f0000000000)='net/raw\x00') read$FUSE(r1, &(0x7f0000002a80)={0x2020}, 0x2020) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1) ioctl$KVM_HYPERV_EVENTFD(r2, 0x4018aebd, &(0x7f0000000040)={0x2}) r3 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000180)={'wlan0\x00', 0x0}) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000500), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_STATION(r3, &(0x7f00000003c0)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)={0x30, r5, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r4}, @void}}, [@NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_LOCAL_MESH_POWER_MODE={0x8, 0xa4, 0x3}]}, 0x30}, 0x1, 0x0, 0x0, 0x4004000}, 0x0) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000100), 0x34) r6 = syz_open_dev$vim2m(&(0x7f0000000000), 0x206, 0x2) ioctl$vim2m_VIDIOC_ENUM_FMT(r6, 0xc0405602, &(0x7f0000000080)={0x50, 0x2, 0x1, "b43d70dde5dbbbe40f00f401bbe6c9000000c67f00", 0x30324c4a}) 2.315099436s ago: executing program 2 (id=1605): socket$inet_udp(0x2, 0x2, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$smc(&(0x7f0000000200), r0) syz_io_uring_setup(0x70e4, &(0x7f0000000800)={0x0, 0x0, 0x10100}, 0x0, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={0x0}, 0x1, 0x0, 0x0, 0x20004015}, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000001540)={0xd, 0x20000000000000bb, &(0x7f0000000300)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000756c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb714000008"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x20, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x3, 0x0, 0x0, 0x0, 0x2000004, 0x0, 0x0, 0x1f00, 0x39, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000340)={0x2, 0x200008, 0x5, 0x20000}, 0x10}, 0x94) r1 = socket$netlink(0x10, 0x3, 0x0) sendmmsg(r1, &(0x7f00000002c0), 0x40000000000009f, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)=ANY=[@ANYBLOB="280000001000010800e000000000000002000000", @ANYRES32=0x0, @ANYBLOB="b40200000000000008001b"], 0x28}}, 0x0) 2.275612889s ago: executing program 3 (id=1606): socket$inet6_sctp(0xa, 0x1, 0x84) r0 = openat$hwrng(0xffffff9c, &(0x7f0000000040), 0x103080, 0x0) ioctl$EVIOCGBITSW(r0, 0x80404525, &(0x7f0000000100)=""/127) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000080), 0x60000, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r2 = openat$dsp1(0xffffffffffffff9c, &(0x7f00000000c0), 0x109801, 0x0) ioctl$SNDCTL_DSP_SETFRAGMENT(r2, 0xc004500a, &(0x7f0000000080)=0x74000000) write$dsp(r2, &(0x7f0000002000)='`', 0x88020) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x300000e, 0x20c44fb6edc09a38, 0xffffffffffffffff, 0x0) madvise(&(0x7f000052e000/0x3000)=nil, 0x3000, 0x10) 1.96342683s ago: executing program 0 (id=1607): openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) mount$overlay(0x0, 0x0, 0x0, 0x0, &(0x7f0000000380)={[{@upperdir={'upperdir', 0x3d, './file1'}}]}) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x143102) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_TIMEOUT_DEFAULT_GET(r1, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000340)={0x24, 0x4, 0x8, 0x5, 0x0, 0x0, {}, [@CTA_TIMEOUT_L4PROTO={0x5, 0x3, 0x3b}, @CTA_TIMEOUT_L3PROTO={0x6, 0x2, 0x1, 0x0, 0x888e}]}, 0x24}}, 0x0) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r2 = openat$kvm(0x0, &(0x7f0000000080), 0xc6ec2, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CAP_SPLIT_IRQCHIP(r3, 0x4068aea3, &(0x7f00000000c0)={0x79, 0x0, 0x1}) r4 = syz_init_net_socket$x25(0x9, 0x5, 0x0) sendmsg$inet(r4, &(0x7f0000000700)={0x0, 0x0, 0x0}, 0x4000080) socket$alg(0x26, 0x5, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) r5 = openat$ttyprintk(0xffffffffffffff9c, &(0x7f0000000080), 0x20a01, 0x0) ioctl$TIOCSSOFTCAR(r5, 0x541a, &(0x7f0000000000)) r6 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)=ANY=[@ANYBLOB="340000003e000701feffffff00000000017c0000040042800c0001800600060090390000100002800c000300080009"], 0x34}, 0x1, 0x0, 0x0, 0x4048011}, 0xc000) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)) socket$nl_xfrm(0x10, 0x3, 0x6) r7 = memfd_create(&(0x7f0000000240)='+\x8b\x8a\xa9\x16\x11\x91J\xbc+ \x18\x17\xc2:}\xa3\x9bO\xdd\xdf\xdf\x92\xd5\xed\xb4\x17\xe5\xd6\x9a\xb2\xd8\x9ba\xde\xb2.F\xc0\x99}|\xaf\xd3\x1d\x84[*_\x9f\x9d\xb0rYP\x1b\x9f \xe0\x9cgq\x103\x89\x11\x87Rv\x169\xdf\xe3>B\x04\x00\x00\x00W\xd3\xec\xfb\xdf?\xa2\x90+\xa4!\xb2\xf2\xff\x90\a\xc3\x12\xc4;\xffh\xf1x=\xb9c\xce\x03h\xdap\x88U\x1788\x82\xd7\xfd\x83\x00Sx\x91%\x99_\xfe\xd4c\x83\x86\x0f\xa4a-\xaf\x9e\xd9\xef\xe0)]\x00F\xfa\x03\xbc4\xc4\x9a\v\x03\x8b\xa4\xf3\x8f\xf4\"\'\xd3\a9\x14H}j&~\xe9\x16\x83o\xbd\xab\xcd[\xbd\xcb\x04\xfc\xe7\xe3\x9e?\x12\xf0\xf4\x83M3\xd88\x92?@\v\xe6\xd1\xd2\xe4\xde\xdaUeJ\x9fR\xd1`\xfa\xc8\v\xed\xfd\x0e\xc8\x89W\x847\x88\x82\x94\x14\xe33\xb7H\xc8b\xd6@3F#\xb7\x04C\x8dm\t\x16a\x0fI\xf4\xfe\xf8\x06j\x19Pz&\xb8\x0f\x98`W\xdb\xc6\"81A\xa4\x8bT\xf1\xcb\xab\xa3\t\xef\xdf&\x0e\xad\x03\x123.\xc2V\xaa\xd5\xf8\xde\x8aV\xa4p{\xcez\xa2\x92\xdb8*wLO\f\x97X\x05\x9a\xc2\xe8\x85\x9d\xcb\xc8\xf0\xc4\x01\x03\xe3?\x9f1\xf4\xfb\xa5y`KB\xdf\xae#\x94C\a\x04\xea\xccG\xf2\b\x8f\xf7\xb1\xe96\x90\xf5P\xa4\'\xce\xe3\xa24\x196\xc5Q\xa1K\x95\xd6\xfal\xe9\xd1\\\r&\xb2c\xb3\x8d\xa7\xb7\xa8\x03S\xbd\xdd\b{\xae\f\x10\xc2\xbb\xd0\xdd*\xa3\xb4\fJ\x00X\xab`N; LF\xa5D\xee\xdf\x7f\x80p\xf6o\x1c\xbdXR\xf2\xa0\x81a\xa1\xe1B\x93Xn\xaf\xfc\x05?\xab\xac\x91x\xa8#\xe1\xbeQ\xd1^\x9b\xb9)\xd3\n\xf7(3!\x18\b\xc0\xaampRl\xfdQ\x03\x8c\xd5\xe4\\\xed\x9a\xd1?\xd21\xc8\x90\x1dl|\xd1\x14\xbc3\xe0\x1e\x0e\xe6\x88Y\x99K\x93\x1c@_P\x8c\xc7\x9eZ\xb74KT:\x8a\xdbJ#w\x18\x14\x00\x93\x86\xa5wo\xf6M\xe7D\xf4*\xe3X\x1d\x19\x83\xa7w\xc7+7\x89s\xed\x8a\xd7O\xdd\rhh`\xc0\xa8$\x06pu\xa0\xd0L\x0ez@I\xb8\x83\xb2f\x93j\a0I\xc8l\xe5\x9b\x06\xb5\xac`d\xa3\xcf/\x14\x10\xab\xab\t\xec\xc1c\fA\xaf\x14\xef\xbap@*7\x86\xdf\',\x03Y\xb1$\xf0\xb5}\xf0\x82%)9`\x8f\x04\x85m\x80\xd2\xcf@\x06}\xea\xe7w`\xa5\x11\x9f\x9b\x9e\x8f\xb7cb\x1a\xe1\xcf\x87\x1c\\\xf5\xc21\xf7\x82C*\xd5;\x00\x00\x00\x00\x03\xba\xe3\xdc\x92\'\x8e\xd5\x7fG\xfd.\x91\x89T\x99t\xd4d,\xd5\x92O\xf1\xafT!Y\x8e\\\xac\xf7\x11R\x05p\x1a\"\r\xe9\xe5\x8b&\x0f\x8c\xfb\xef\xf8\xd5\x18\xde\xeb\xe5\x19\xdd\xebQ8\xc5iS+\x06D\x16\xfe\xf5.\xe5\v\x89\xb0\"\xa3M\xe9\x81\x11P\xdb\xc4\xc2y\x14\x04\x06\xf6\f\xb0\xecz\x8d`\xb5\x9b\xb43\xcc1\xa7\x9e\xa8\xb5\'\xc6MAe\x0f\xd1\xfcG\xc2/\xe8\xe9t\xcaQ\xf1\fI\x1chM\xc1\x92\xe3\xc3\x01M\xc8/\xefJ\xcb\xd0]\f\xff\xf5\x92\xce\x97Z\xea\xe8\x99\xfa\x96\xce\xa7\x02\xad\xa2\xce\x955\xeaNg\x02\xcd\xfd\x1a}.\xd3\"x\x89/8H\xc2\x93B\na)\x86\xa9U\xa0\xb7\x18\xfb\xe9\xd1\x97', 0x3) r8 = syz_pidfd_open(0x0, 0x0) r9 = pidfd_getfd(r8, r8, 0x0) name_to_handle_at(r9, &(0x7f0000000040)='./file7/file0\x00', &(0x7f00000000c0)=ANY=[], 0x0, 0x1200) sendmsg$IPSET_CMD_LIST(r9, &(0x7f0000000640)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000200)={&(0x7f00000005c0)=ANY=[@ANYBLOB="580000000706010200000000000800000300000a0900020073797a300000000005000100070000000900020073797a310000000005000100070000000900020073797a300000000005000100070000000800064004000005"], 0x58}, 0x1, 0x0, 0x0, 0x40040c1}, 0x4000003) openat$ocfs2_control(0xffffff9c, &(0x7f0000000040), 0x94000, 0x0) write$binfmt_misc(r7, &(0x7f0000000740), 0xff67) fcntl$addseals(r7, 0x409, 0x8) 1.871550102s ago: executing program 2 (id=1608): r0 = syz_open_procfs(0x0, &(0x7f0000000040)='ns\x00') move_mount(r0, &(0x7f00000000c0)='./mnt\x00', r0, 0x0, 0x271) openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi1\x00', 0x5a8481, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000002c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a58000000060a09040000000000000000020000000900020073797a32000000000900010073797a30000000002c00048028000180090001006c617374000000001800028008000140000000800c00024000000000000000f2140000001100010000000000000000000000000af48ac53f64ca9b6a64a201d127cefd2064ec"], 0x80}, 0x1, 0x0, 0x0, 0x20000091}, 0x0) dup(r1) r2 = socket$nl_route(0x10, 0x3, 0x0) fcntl$F_GET_FILE_RW_HINT(r2, 0x40d, 0x0) getsockopt$inet_sctp6_SCTP_LOCAL_AUTH_CHUNKS(r0, 0x84, 0x1b, &(0x7f0000000100)={0x0, 0xae, "e1d3ed9f85414116df0c4d78b619244a23ddc467be12cc42003ab6af9d8f4acd17e59c0047517bffd447a36b6839997beffc21487cf8d90e2d1ebfbefe9193c9c3345f2f76005b8ce4165ebcc54ffedbfc8b73fd68e83393ca72c798440e9f2225805aee0fa10db46063df852959e6b6b10890d05770274128aa0eb2f2821ca84c8e90b979ae4e48d54d411d7fa529828a0e51d822d1c49533205cb510979eaf33f95b9d694672623a0140d29a0e"}, &(0x7f00000001c0)=0xb6) 1.805730075s ago: executing program 2 (id=1609): bind$alg(0xffffffffffffffff, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) r0 = openat$nmem0(0xffffff9c, &(0x7f0000000000), 0x4080, 0x0) sendmsg$kcm(r0, &(0x7f0000000240)={&(0x7f0000000040)=@pptp={0x18, 0x2, {0x0, @private=0xa010101}}, 0x80, &(0x7f0000000180)=[{&(0x7f00000000c0)="679138bdf26f48cf14205b1b12e088d258ca21a5e9427bc660376fb4e8e94269d2e279a2f1ecff7ed90ddd877ba9c30c3e7973764f4f34ce3c537a32154a8b79da7027e4cb44514623b59efdd3d8095551e8d61778b1e3a37e08327a93578dc6e2b83eb04ac6f652", 0x68}, {&(0x7f00000003c0)="48a21cc71ded3d5c48a4b630468707c2bcf2b86428d5881816208ef31e414a1848d181e0c52be28a40f5acfdade83ce989da1e733e828bb5f969b87eefd86bde8816b17016dd60305a736bb939a3fd82c01f1f5c60f841dd7e8187bdd07c33d309070ce1f15c45821d21ac2c316dd6148153bebac8dfe54156611f6509f0caa903fda662b74a940050a34a51c5", 0x8d}, {&(0x7f0000000500)="2d92bee34523ab2e72b1ab19d6852f9dbddc6a19cee59d46b1d099a0a1e4b4176ccba3d16f0238666879427594e8900bb12f5990d13a589774895cf5e9f0a3c288f1894f2f20d07a891afb72f62d8ce42a5289d812353c3acdcb7f4f16c9a5eb3d20b6701b3d4f0bf739b8a0d6e581e4eddbb80289b365eb2fe5cd01c2dd28964a89edc629e8ceda050c15a379edbd1d0e4111496abc545641b606f59655734ebf812fb1a5436ff069cfe646b6d5d63270d22bd2180f128d102fe2efbb91ade92cc2272e63bb4a9a445ce8d4d4a5783ed50e42e46064aade50e1e88f87530700f1e1b0ebd7d91d9b429381", 0xeb}, {&(0x7f0000000140)='*\n', 0x2}, {&(0x7f0000000600)="c502d5cd82d64efa124ee6cb1b1a5efcc156b3d9bbe20bb5e566dbaf821f48c4c2b456d7f9d74ca511a1a5460c08416bae0caf5683e7433a5921e8786d2091f99aed1b24603d2cd8476a498d0a06c327bbc80c6e4f4b0ba6740163a3d46a5165b3c2f0c3b35704a4b598b27bf65c70dbf140a36efa2d3d144e633624c0fe1da989c9e55ef4f53ab57e010e5435ccd71d21d56c2d08", 0x95}, {&(0x7f00000006c0)="4cdacfbbaf11f34cf905a25b44295540e4dfcc67ef3359cd8a23dbe4392185074c194cf37021988a84038d1a86691bb28ac5be0751c5c860f2b5d14dc3d8d625350b391ef68b4889451ba118923efb8d2f5bdc6734308e736bb9e97cc1ffdfd407d0d16b50d272c17616ba635d91ee902f5fd8ebb3e5f055d3488d8bc6ec8fcde9ebbac55332cccf129fb7e3342e4ec4ee88645e70a23fa424bbf633557a5e0a768dd4784f1415235d0b523274a5936f6bc7f7fcf9c1df4bc27ad25d7ac25c91e23735f39007ad25de055d0dbff2965c6c8dc94fd1672835aad76e1f3664031d7a3bc74f", 0xe4}], 0x6, &(0x7f0000000880)=[{0x24, 0x1, 0x7fff, "4e918ca2ef188c024cc76e37af4967911a05652667ef5c2d"}, {0xa8, 0x1, 0xa, "427c19d61de55f25c737116bb09241bc31dfc06016b205a1d51e15be373091d808a5c1539911c021bc896f46a3f52c7ecae9a51abd7da8a5d8e71333cf697f780fb32dea7b1e9f539e061d18fa767541d7de280e3fbe7705d56b5c43202bd1012466ba86aacd2c77354704360a5c8510c26ee35b1a9bf6cf7f897a98a3f1165afa32ceea5128901722999400a2337ee423058865d4843663ed91"}, {0x18, 0x102, 0xffff2f09, "0b6ef101cedc57a44d98"}, {0xfc, 0x0, 0x9, "046f7c91de18f0caa87bc3483d4c6e192bebea00af67f7820a15be2081d3587a3d7597592d61d162041fff9eab856f22863cdc34b06289f4477e1a93f59b21c88ce130fccb7c4fad38af1331e053fc95074e056cdd8974e903db60ea8d620d031dad71832e5a43f019f038553a7f364e3a62d28b1f488e4b75a0bd98c37c6fcd499f9f55d2229a998cf2b3b7cfe3e15ccc721556892ea573e0377dd384082dcf43ccfbb90d4761447e51eeb750b442c35c8527f4d40d14e8de01fa050c87d024e602783f311ef3721b048ac2998f2f39a09f16d3e67c8f231d477d75fc34d3c1f250ddee0526d4640b6abd6235e5a7"}, {0xa4, 0x29, 0x5, "566ae35aa5e7be322becdb230e42c396a65a9a8d5783dabe160f337413463e8f960327a6adeeadbd50a6e03404e2558c80a39399d1e86e9d9b80e98ca20665d170e7f69ba5474e6e48b6ae912b24e68529b64f8786a3cfee6ae68d098a6fe60aa43cdc80b1bb25cbb126738c13ee78077e162739c634d38dc7844f6d4e250aced02351a4cb0bd83d53efd4d7e7b6c6fbbf074eb2c9e19634"}, {0x30, 0x115, 0x4, "314913857c9f488ceb736e8eca3b1849e983164ae901228c5ccfbf4d02199c67acef8146"}], 0x2b4}, 0x20000000) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) setsockopt$inet_sctp6_SCTP_RECVNXTINFO(0xffffffffffffffff, 0x84, 0x21, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = dup(0xffffffffffffffff) write$6lowpan_enable(r2, &(0x7f0000000000)='0', 0xfffffd2c) syz_io_uring_setup(0x239, &(0x7f0000000740)={0x0, 0x1c2a, 0x10100, 0x0, 0x1000000}, &(0x7f0000000180)=0x0, &(0x7f00000001c0)=0x0) syz_io_uring_submit(r3, r4, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd, 0x0, 0x0, 0x0, {}, 0x1}) r5 = syz_open_procfs(0x0, &(0x7f0000000300)='task\x00') getdents(r5, 0xffffffffffffffff, 0x5a) chdir(&(0x7f00000001c0)='./file0\x00') bind$tipc(0xffffffffffffffff, &(0x7f0000000140)=@name={0x1e, 0x2, 0x0, {{0x42}}}, 0x10) 1.680435576s ago: executing program 2 (id=1610): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = syz_io_uring_setup(0x497, &(0x7f0000000180)={0x0, 0x4885, 0x0, 0x0, 0x1d}, &(0x7f0000000840)=0x0, &(0x7f0000000600)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r2, r3, &(0x7f00000002c0)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, r0, 0x0, 0x0, 0x0, 0x2000, 0x1}) io_uring_enter(r1, 0x3516, 0x0, 0x0, 0x0, 0x0) (fail_nth: 46) 1.545482687s ago: executing program 2 (id=1611): r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) syz_emit_ethernet(0x52, &(0x7f0000000a00)={@link_local, @local, @val={@void}, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "f53a04", 0x18, 0x3a, 0x0, @remote, @mcast2, {[], @ndisc_na={0x88, 0x0, 0x0, 0x4, '\x00', @private1={0xfc, 0x1, '\x00', 0x1}}}}}}}, 0x0) r3 = openat$incfs(0xffffffffffffff9c, &(0x7f0000000280)='.log\x00', 0x121000, 0x40) r4 = openat$urandom(0xffffffffffffff9c, &(0x7f0000000000), 0x103902, 0x0) preadv2(r4, &(0x7f0000003680)=[{&(0x7f0000000440)=""/29, 0x1d}], 0x1, 0x2, 0x0, 0x1) ioctl$KVM_CAP_X86_APIC_BUS_CYCLES_NS(r3, 0x4068aea3, &(0x7f0000000340)={0xed, 0x0, 0x2}) r5 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0) ioctl$KVM_CAP_HYPERV_ENLIGHTENED_VMCS(r6, 0x4068aea3, &(0x7f0000000040)) ioctl$KVM_RESET_DIRTY_RINGS(r5, 0xaec7) sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000001140)={&(0x7f00000001c0)=ANY=[@ANYBLOB="052abd7000040000000000000000000000000000c8c3e65bab78e62711eb", @ANYRES32=0x0, @ANYBLOB="00000000a00102001c0012800b000100697036746e6c00000c0002800500090089000000"], 0x3c}, 0x1, 0x0, 0x0, 0x24004100}, 0x4840) getsockopt(r0, 0xff, 0x1, 0x0, &(0x7f00000002c0)=0xfffffffffffffecd) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) r7 = add_key$keyring(&(0x7f00000000c0), &(0x7f0000000140)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd) add_key$keyring(&(0x7f0000000300), &(0x7f0000000240)={'syz', 0x0}, 0x0, 0x0, r7) r8 = openat$6lowpan_control(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) write$6lowpan_control(r8, &(0x7f0000000180)='connect aa:aa:aa:aa:aa:11 0', 0x1b) openat$snapshot(0xffffffffffffff9c, &(0x7f00000003c0), 0x0, 0x19) 1.367061811s ago: executing program 0 (id=1612): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000a00), 0xffffffffffffffff) (async) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000480)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_WIPHY(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000040)={0x24, r1, 0x8, 0x70bd2b, 0x0, {}, [@NL80211_ATTR_WIPHY_RETRY_LONG={0x0, 0x3e, 0xb}, @NL80211_ATTR_WIPHY_RETRY_SHORT={0x5, 0x3d, 0xff}]}, 0xc}, 0x1, 0x0, 0x0, 0x4004}, 0x80) (async) sendmsg$NL80211_CMD_SET_COALESCE(r0, &(0x7f0000000200)={0x0, 0xffffffffffffff8c, &(0x7f0000000b00)={&(0x7f0000000000)=ANY=[@ANYBLOB="28280063ce1bbb628de9a306009273ef68c94e198fd2d5e9", @ANYRES16=r1, @ANYBLOB="010000000000000000000200000008000300", @ANYRES32=r2, @ANYBLOB], 0x28}}, 0x0) 1.315950731s ago: executing program 0 (id=1613): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000080000000800000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/19], 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001000000850000000f00000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) socket$kcm(0x10, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000380)=0x9) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x10000000000002) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_usbip_server_init(0x6) socket$netlink(0x10, 0x3, 0x15) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000840)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000080)='sched_switch\x00', r5}, 0x10) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000000)={'netdevsim0\x00', &(0x7f00000000c0)=@ethtool_gfeatures={0x33}}) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000000), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_LINKMODES_SET(r6, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000280)={0x30, r7, 0x7, 0x7c, 0x0, {}, [@ETHTOOL_A_LINKMODES_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'syz_tun\x00'}]}, @ETHTOOL_A_LINKMODES_OURS={0x4}]}, 0x30}}, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', 0x0, 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB, @ANYRESHEX, @ANYRESDEC=0x0, @ANYRESDEC=0x0]) read$FUSE(0xffffffffffffffff, &(0x7f0000006300)={0x2020}, 0x2020) r8 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_TIMEOUT_DEFAULT_SET(r8, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)=ANY=[@ANYRES64=r0], 0x24}, 0x1, 0x0, 0x0, 0x40000}, 0x4004004) sendmsg$nl_netfilter(r8, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f00000000c0)={0x0, 0x3ac}, 0x1, 0x0, 0x0, 0x800}, 0x8008000) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000005c0)=[{&(0x7f0000000000)="2e00000010008188e6b62aa73772cc9f1ba1f8482e0000005e140602000000000e000a001000000002800000128cd8", 0x2f}], 0x1}, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000600)={&(0x7f00000005c0)='sys_enter\x00', r1}, 0x10) 1.078005703s ago: executing program 1 (id=1614): r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000780)={0x24, 0x3e, 0x107, 0x70bd2d, 0x25dfdbfc, {0x4, 0x7c}, [@typed={0x4}, @nested={0xc, 0x1, 0x0, 0x1, [@typed={0x8, 0x9, 0x0, 0x0, @pid}]}]}, 0x24}, 0x1, 0x0, 0x40000000, 0x20040000}, 0x44000) 1.076267474s ago: executing program 1 (id=1615): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f00000000c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41100, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x5}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x0, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) r2 = socket$nl_route(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_NO_ENOBUFS(r2, 0x10e, 0xc, &(0x7f0000000040)=0x7f, 0x4) sendmsg$nl_route(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000440)=ANY=[@ANYBLOB="240000001a000100000000000000000002002000", @ANYRES32=0x0, @ANYRESOCT=r0], 0x24}}, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e24}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000100)=0x2) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000400)='./file0\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000080)='sysfs\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0xc) mkdir(&(0x7f00000003c0)='./file0\x00', 0x21) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000080)='sysfs\x00', 0x1214040, 0x0) mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f0000000300)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f}) r5 = fspick(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1) fsconfig$FSCONFIG_SET_STRING(r5, 0x1, &(0x7f00000000c0)='lowerdir', &(0x7f0000000100)='{\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) chdir(&(0x7f0000000140)='./bus\x00') r6 = syz_open_dev$ptys(0xc, 0x3, 0x1) syz_open_pts(r6, 0xa0000) rename(&(0x7f0000000400)='./bus\x00', &(0x7f0000000f00)='./file0\x00') 133.094061ms ago: executing program 1 (id=1616): r0 = socket$inet6(0xa, 0x1, 0x0) r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0) setsockopt$bt_l2cap_L2CAP_OPTIONS(r1, 0x6, 0x1, &(0x7f0000000080)={0x1, 0xfffa, 0x4, 0x4, 0x3, 0xb2, 0x5}, 0xc) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x11, 0x3, &(0x7f0000001680)=ANY=[@ANYBLOB="1800000000030000000000000000000095"], &(0x7f0000001700)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x9}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='mmap_lock_acquire_returned\x00', r2}, 0x10) openat$zero(0xffffff9c, &(0x7f00000000c0), 0x450040, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x7, 0x4, 0x100, 0x1}, 0x50) ioctl$KVM_REGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae67, &(0x7f0000000340)) prctl$PR_MCE_KILL(0x4e, 0x1, 0x4000) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=@framed={{}, [@tail_call={{0x18, 0x2, 0x1, 0x0, r3}, {}, {0x85, 0x0, 0x0, 0x1b}}]}, &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_BIND_MAP(0xa, &(0x7f0000000500)={r4}, 0xc) mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000e, 0x204031, 0xffffffffffffffff, 0xd0c6f000) madvise(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x9) connect$bt_l2cap(r1, &(0x7f0000000700)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x1}, 0xe) sendmmsg$inet(r1, &(0x7f0000002d40)=[{{0x0, 0x0, &(0x7f0000002c80)=[{&(0x7f0000000800)="d7", 0x1}], 0x1}}], 0x1, 0x40004) r5 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x8042, 0x0) fcntl$setlease(r5, 0x400, 0x0) r6 = syz_clone(0x0, 0x0, 0xfffffffffffffead, 0x0, 0x0, 0x0) ptrace(0x10, r6) ptrace(0x8, r6) ioctl$BTRFS_IOC_DEV_REPLACE(r5, 0xca249435, &(0x7f0000000840)={0x2, 0x9, @status={[0x3, 0x3, 0x171be781, 0x1ff, 0x1, 0x9]}, [0xfffffffffffff80e, 0x5, 0x400, 0x5, 0x4, 0x8, 0x9, 0x8, 0x1, 0xffffffffffffffff, 0x4ed, 0x2, 0x6, 0xf, 0x6, 0x8, 0x8, 0x9, 0x7, 0x7f, 0x4, 0x1000, 0x100000001, 0x81, 0x1, 0xffffffff, 0x3, 0x6, 0x0, 0x0, 0x2, 0x40, 0x8001, 0x1, 0x3, 0x17, 0x65, 0x3, 0xbe34, 0xd96, 0x8fd, 0x2a, 0x3, 0x2, 0x10000, 0x5, 0xbc, 0x7, 0xe, 0x0, 0x3, 0x5, 0x8000, 0x5938b108, 0x1, 0x8, 0x0, 0x3, 0x9, 0x7ff, 0x12e, 0x6, 0x8, 0x2]}) unlink(&(0x7f0000000180)='./file1\x00') getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x23, 0x0, &(0x7f0000000080)=0x2d) 0s ago: executing program 1 (id=1617): setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX_OLD(0xffffffffffffffff, 0x84, 0x6b, 0x0, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'veth0_vlan\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000080)=@getchain={0x24, 0x11, 0x43d, 0x0, 0x0, {0x0, 0x0, 0x36, r1, {0x0, 0xfff1}, {0x3, 0x6}, {0x0, 0x1}}}, 0x24}, 0x1, 0x0, 0x0, 0x48080}, 0x0) kernel console output (not intermixed with test programs): ed allmulticast mode [ 169.504777][ T9162] gretap0: entered allmulticast mode [ 169.507559][ T9162] erspan0: entered allmulticast mode [ 169.510231][ T9162] ip_vti0: entered allmulticast mode [ 169.512526][ T9162] ip6_vti0: entered allmulticast mode [ 169.515371][ T9162] sit0: entered allmulticast mode [ 169.518348][ T9162] ip6tnl0: entered allmulticast mode [ 169.524039][ T9162] ip6gre0: entered allmulticast mode [ 169.527874][ T9162] syz_tun: entered allmulticast mode [ 169.531229][ T9162] ip6gretap0: entered allmulticast mode [ 169.534508][ T9162] bridge0: port 3(team0) entered disabled state [ 169.536540][ T9162] bridge0: port 2(bridge_slave_1) entered disabled state [ 169.538839][ T9162] bridge0: port 1(bridge_slave_0) entered disabled state [ 169.541279][ T9162] bridge0: entered allmulticast mode [ 169.544799][ T9162] vcan0: entered allmulticast mode [ 169.547488][ T9162] bond0: entered allmulticast mode [ 169.549577][ T9162] bond_slave_0: entered allmulticast mode [ 169.551709][ T9162] bond_slave_1: entered allmulticast mode [ 169.559351][ T9162] dummy0: entered allmulticast mode [ 169.563799][ T9162] nlmon0: entered allmulticast mode [ 169.566546][ T9162] caif0: entered allmulticast mode [ 169.568310][ T9162] batadv0: entered allmulticast mode [ 169.572541][ T9162] vxcan0: entered allmulticast mode [ 169.575520][ T9162] vxcan1: entered allmulticast mode [ 169.577927][ T9162] veth0: entered allmulticast mode [ 169.581456][ T9162] veth1: entered allmulticast mode [ 169.589416][ T9162] wg0: entered allmulticast mode [ 169.594813][ T9162] wg1: entered allmulticast mode [ 169.602377][ T9162] wg2: left promiscuous mode [ 169.604447][ T9162] wg2: entered allmulticast mode [ 169.607771][ T9162] veth0_to_bridge: entered allmulticast mode [ 169.614694][ T9162] veth1_to_bridge: entered allmulticast mode [ 169.619447][ T9162] veth0_to_bond: entered allmulticast mode [ 169.622895][ T9162] veth1_to_bond: entered allmulticast mode [ 169.627384][ T9162] veth0_to_team: entered allmulticast mode [ 169.631030][ T9162] veth1_to_team: entered allmulticast mode [ 169.644285][ T9162] veth0_to_batadv: entered allmulticast mode [ 169.654767][ T9162] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 169.657476][ T9162] batadv_slave_0: entered allmulticast mode [ 169.660367][ T9162] veth1_to_batadv: entered allmulticast mode [ 169.662924][ T9162] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 169.683580][ T9162] batadv_slave_1: entered allmulticast mode [ 169.688776][ T9162] xfrm0: entered allmulticast mode [ 169.694321][ T9162] veth0_to_hsr: entered allmulticast mode [ 169.696951][ T9162] hsr_slave_0: entered allmulticast mode [ 169.701362][ T9162] veth1_to_hsr: entered allmulticast mode [ 169.708689][ T9162] hsr_slave_1: entered allmulticast mode [ 169.713868][ T9162] hsr0: entered allmulticast mode [ 169.717407][ T9162] veth1_virt_wifi: entered allmulticast mode [ 169.724808][ T9162] veth0_virt_wifi: entered allmulticast mode [ 169.734251][ T9162] net veth1_virt_wifi virt_wifi0: entered allmulticast mode [ 169.744299][ T9162] veth0_vlan: entered allmulticast mode [ 169.758085][ T9162] vlan0: entered allmulticast mode [ 169.759825][ T9162] vlan1: entered allmulticast mode [ 169.763947][ T9162] macvlan0: entered allmulticast mode [ 169.774794][ T9162] macvlan1: entered allmulticast mode [ 169.780679][ T9162] ipvlan0: entered allmulticast mode [ 169.782956][ T9162] ipvlan1: entered allmulticast mode [ 169.785181][ T9162] veth1_macvtap: entered allmulticast mode [ 169.794367][ T9162] veth0_macvtap: entered allmulticast mode [ 169.819924][ T9173] syz.3.904 (9173): drop_caches: 2 [ 169.825612][ T9173] syz.3.904 (9173): drop_caches: 2 [ 169.834928][ T9162] macvtap0: entered allmulticast mode [ 169.850083][ T9162] macsec0: entered allmulticast mode [ 169.865897][ T9162] geneve0: entered allmulticast mode [ 169.886654][ T9162] geneve1: entered allmulticast mode [ 169.890999][ T9162] netdevsim netdevsim1 netdevsim0: entered allmulticast mode [ 169.895776][ T9162] netdevsim netdevsim1 netdevsim1: entered allmulticast mode [ 169.900555][ T9162] netdevsim netdevsim1 netdevsim2: entered allmulticast mode [ 169.906131][ T9162] netdevsim netdevsim1 netdevsim3: entered allmulticast mode [ 169.914403][ T9162] mac80211_hwsim hwsim4 wlan0: entered allmulticast mode [ 169.922155][ T9162] mac80211_hwsim hwsim5 wlan1: entered allmulticast mode [ 169.926378][ T9162] vlan0.1: entered allmulticast mode [ 169.933673][ T9162] geneve2: left promiscuous mode [ 169.944252][ T9162] bond1: entered allmulticast mode [ 169.946761][ T9162] ip6tnl1: entered allmulticast mode [ 169.950567][ T92] netdevsim netdevsim1 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 169.956976][ T92] netdevsim netdevsim1 netdevsim0: unset [1, 1] type 2 family 0 port 256 - 0 [ 169.963165][ T92] netdevsim netdevsim1 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 169.966497][ T92] netdevsim netdevsim1 netdevsim1: unset [1, 1] type 2 family 0 port 256 - 0 [ 169.969379][ T92] netdevsim netdevsim1 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 169.972301][ T92] netdevsim netdevsim1 netdevsim2: unset [1, 1] type 2 family 0 port 256 - 0 [ 169.975417][ T92] netdevsim netdevsim1 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 169.978310][ T92] netdevsim netdevsim1 netdevsim3: unset [1, 1] type 2 family 0 port 256 - 0 [ 170.263476][ T63] Bluetooth: hci1: command 0x0406 tx timeout [ 170.263547][ T5988] Bluetooth: hci2: command 0x0406 tx timeout [ 170.433741][ T9182] block nbd1: shutting down sockets [ 170.601474][ T9188] bond0: entered promiscuous mode [ 170.603082][ T9188] bond_slave_0: entered promiscuous mode [ 170.605948][ T9188] bond_slave_1: entered promiscuous mode [ 170.609147][ T9188] batadv0: entered promiscuous mode [ 170.611687][ T9188] hsr1: Slave A (bond0) is not up; please bring it up to get a fully working HSR network [ 170.615741][ T9188] hsr1: Slave B (batadv0) is not up; please bring it up to get a fully working HSR network [ 170.620043][ T9188] 8021q: adding VLAN 0 to HW filter on device hsr1 [ 171.330443][ T9195] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 171.463395][ T5976] Bluetooth: hci3: command 0x0405 tx timeout [ 171.466022][ T9158] Bluetooth: hci3: Opcode 0x0401 failed: -110 [ 171.582589][ T9199] vxfs: WRONG superblock magic 00000000 at 1 [ 171.585806][ T9199] vxfs: WRONG superblock magic 00000000 at 8 [ 171.588435][ T9199] vxfs: can't find superblock. [ 171.820781][ T9203] syz.0.913 (9203): drop_caches: 2 [ 171.822616][ T9203] syz.0.913 (9203): drop_caches: 2 [ 172.403570][ T9213] block nbd1: shutting down sockets [ 172.519665][ T40] audit: type=1326 audit(1755817024.523:1822): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9214 comm="syz.1.918" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f35579 code=0x7ffc0000 [ 172.526806][ T40] audit: type=1326 audit(1755817024.523:1823): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9214 comm="syz.1.918" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f35579 code=0x7ffc0000 [ 172.533585][ T40] audit: type=1326 audit(1755817024.523:1824): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9214 comm="syz.1.918" exe="/syz-executor" sig=0 arch=40000003 syscall=330 compat=1 ip=0xf7f35579 code=0x7ffc0000 [ 172.540335][ T40] audit: type=1326 audit(1755817024.523:1825): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9214 comm="syz.1.918" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f35579 code=0x7ffc0000 [ 172.547558][ T40] audit: type=1326 audit(1755817024.523:1826): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9214 comm="syz.1.918" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f35579 code=0x7ffc0000 [ 172.554367][ T40] audit: type=1326 audit(1755817024.523:1827): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9214 comm="syz.1.918" exe="/syz-executor" sig=0 arch=40000003 syscall=146 compat=1 ip=0xf7f35579 code=0x7ffc0000 [ 172.560811][ T40] audit: type=1326 audit(1755817024.523:1828): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9214 comm="syz.1.918" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f35579 code=0x7ffc0000 [ 172.573010][ T40] audit: type=1326 audit(1755817024.523:1829): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9214 comm="syz.1.918" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f35579 code=0x7ffc0000 [ 172.584346][ T40] audit: type=1326 audit(1755817024.523:1830): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9214 comm="syz.1.918" exe="/syz-executor" sig=0 arch=40000003 syscall=192 compat=1 ip=0xf7f35579 code=0x7ffc0000 [ 172.591850][ T40] audit: type=1326 audit(1755817024.523:1831): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9214 comm="syz.1.918" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f35579 code=0x7ffc0000 [ 172.630495][ T9225] netlink: 4 bytes leftover after parsing attributes in process `syz.1.923'. [ 172.838447][ T9234] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 173.175746][ T9242] syz.3.927 (9242): drop_caches: 2 [ 173.180981][ T9242] syz.3.927 (9242): drop_caches: 2 [ 173.513813][ T9244] block nbd2: shutting down sockets [ 173.731539][ T9248] fuse: Unknown parameter 'group_id00000000000000000000' [ 173.738158][ T9248] rdma_rxe: rxe_newlink: failed to add lo [ 173.910866][ T9255] netlink: 'syz.3.931': attribute type 13 has an invalid length. [ 173.914434][ T9255] netlink: 'syz.3.931': attribute type 17 has an invalid length. [ 174.076333][ T9255] 8021q: adding VLAN 0 to HW filter on device bond0 [ 174.080224][ T9255] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 174.242259][ T9268] vivid-006: disconnect [ 175.002895][ T9267] vivid-006: reconnect [ 175.148971][ T9275] ceph: Path missing in source [ 175.157539][ T9275] kvm: vcpu 0: requested 128 ns lapic timer period limited to 200000 ns [ 175.160380][ T9275] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer. [ 175.315186][ T9278] netlink: 8 bytes leftover after parsing attributes in process `syz.1.938'. [ 175.492587][ T9280] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 175.854249][ T9282] block nbd3: shutting down sockets [ 175.943385][ T5976] Bluetooth: hci3: command 0x0405 tx timeout [ 175.946384][ T9253] Bluetooth: hci3: Opcode 0x0401 failed: -110 [ 176.065727][ T9287] syz.3.940 (9287): drop_caches: 2 [ 176.067937][ T9287] syz.3.940 (9287): drop_caches: 2 [ 176.182277][ T9289] FAULT_INJECTION: forcing a failure. [ 176.182277][ T9289] name failslab, interval 1, probability 0, space 0, times 0 [ 176.187949][ T9289] CPU: 3 UID: 0 PID: 9289 Comm: syz.1.941 Not tainted syzkaller #0 PREEMPT(full) [ 176.187973][ T9289] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 176.187984][ T9289] Call Trace: [ 176.187989][ T9289] [ 176.187996][ T9289] dump_stack_lvl+0x16c/0x1f0 [ 176.188021][ T9289] should_fail_ex+0x512/0x640 [ 176.188045][ T9289] should_failslab+0xc2/0x120 [ 176.188068][ T9289] __kmalloc_cache_noprof+0x6a/0x3e0 [ 176.188085][ T9289] ? sctp_add_bind_addr+0xae/0x3f0 [ 176.188103][ T9289] sctp_add_bind_addr+0xae/0x3f0 [ 176.188120][ T9289] sctp_copy_local_addr_list+0x349/0x550 [ 176.188142][ T9289] ? __pfx_sctp_copy_local_addr_list+0x10/0x10 [ 176.188162][ T9289] ? sctp_auth_asoc_copy_shkeys+0x2a5/0x360 [ 176.188184][ T9289] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 176.188210][ T9289] sctp_bind_addr_copy+0xe0/0x530 [ 176.188229][ T9289] sctp_connect_new_asoc+0x1c9/0x770 [ 176.188253][ T9289] ? __pfx_sctp_connect_new_asoc+0x10/0x10 [ 176.188277][ T9289] ? rcu_is_watching+0x12/0xc0 [ 176.188294][ T9289] ? sctp_sendmsg+0xd3c/0x1e10 [ 176.188315][ T9289] ? rcu_is_watching+0x12/0xc0 [ 176.188330][ T9289] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 176.188355][ T9289] sctp_sendmsg+0x1560/0x1e10 [ 176.188381][ T9289] ? __pfx_sctp_sendmsg+0x10/0x10 [ 176.188403][ T9289] ? __pfx___might_resched+0x10/0x10 [ 176.188421][ T9289] ? aa_sk_perm+0x2f4/0xb10 [ 176.188444][ T9289] ? __pfx_aa_sk_perm+0x10/0x10 [ 176.188467][ T9289] ? __pfx_sctp_sendmsg+0x10/0x10 [ 176.188489][ T9289] inet_sendmsg+0x11c/0x140 [ 176.188506][ T9289] __sys_sendto+0x43c/0x520 [ 176.188526][ T9289] ? __pfx___sys_sendto+0x10/0x10 [ 176.188552][ T9289] ? ksys_write+0x1ac/0x250 [ 176.188571][ T9289] ? __pfx_ksys_write+0x10/0x10 [ 176.188590][ T9289] __ia32_sys_sendto+0xdd/0x1b0 [ 176.188608][ T9289] ? trace_irq_enable.constprop.0+0xd4/0x120 [ 176.188633][ T9289] ? syscall_enter_from_user_mode_prepare+0x68/0xe0 [ 176.188676][ T9289] __do_fast_syscall_32+0x7c/0x3a0 [ 176.188701][ T9289] do_fast_syscall_32+0x32/0x80 [ 176.188723][ T9289] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 176.188744][ T9289] RIP: 0023:0xf7f35579 [ 176.188756][ T9289] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 176.188773][ T9289] RSP: 002b:00000000f545655c EFLAGS: 00000296 ORIG_RAX: 0000000000000171 [ 176.188789][ T9289] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000800016c0 [ 176.188800][ T9289] RDX: 0000000000000001 RSI: 0000000004008090 RDI: 0000000080001780 [ 176.188810][ T9289] RBP: 000000000000001c R08: 0000000000000000 R09: 0000000000000000 [ 176.188820][ T9289] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 176.188830][ T9289] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 176.188845][ T9289] [ 176.365855][ T9293] netlink: 8 bytes leftover after parsing attributes in process `syz.1.950'. [ 176.714494][ T9294] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 176.849514][ T9301] syz.0.943 (9301): drop_caches: 2 [ 176.852090][ T9301] syz.0.943 (9301): drop_caches: 2 [ 177.907479][ T9317] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 177.997262][ T9318] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 178.403720][ T9324] block nbd2: shutting down sockets [ 178.523351][ T9] usb 6-1: new high-speed USB device number 11 using dummy_hcd [ 178.554104][ T9326] netlink: 40 bytes leftover after parsing attributes in process `syz.2.952'. [ 178.692379][ T9] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 178.696234][ T9] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 178.699456][ T9] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 178.705005][ T9] usb 6-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 178.707974][ T9] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 178.728132][ T9334] syz.0.953 (9334): drop_caches: 2 [ 178.728811][ T9] usb 6-1: config 0 descriptor?? [ 178.731977][ T9334] syz.0.953 (9334): drop_caches: 2 [ 179.201425][ T9320] netlink: 164 bytes leftover after parsing attributes in process `syz.1.949'. [ 179.204779][ T9320] netlink: 12 bytes leftover after parsing attributes in process `syz.1.949'. [ 179.361955][ T9340] netlink: 8 bytes leftover after parsing attributes in process `syz.2.955'. [ 179.543189][ T9345] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 179.961993][ T9351] syz.3.957 (9351): drop_caches: 2 [ 179.964304][ T9351] syz.3.957 (9351): drop_caches: 2 [ 180.884201][ T9360] block nbd3: shutting down sockets [ 180.913419][ T5980] Bluetooth: hci3: command 0x0405 tx timeout [ 180.962018][ T9362] input: syz1 as /devices/virtual/input/input22 [ 181.064443][ T9364] block nbd3: shutting down sockets [ 181.386354][ T9374] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 182.289736][ T9388] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 182.430179][ T9343] Bluetooth: hci3: Opcode 0x0401 failed: -4 [ 182.704888][ T9395] block nbd0: shutting down sockets [ 182.983468][ T5976] Bluetooth: hci3: command 0x0405 tx timeout [ 183.109999][ T9408] netlink: 196 bytes leftover after parsing attributes in process `syz.3.975'. [ 183.113588][ T9408] netlink: 196 bytes leftover after parsing attributes in process `syz.3.975'. [ 183.117892][ T9408] netlink: 19 bytes leftover after parsing attributes in process `syz.3.975'. [ 184.054019][ T9] usbhid 6-1:0.0: can't add hid device: -32 [ 184.056107][ T9] usbhid 6-1:0.0: probe with driver usbhid failed with error -32 [ 184.092622][ T53] usb 6-1: USB disconnect, device number 11 [ 184.133955][ T9429] block nbd1: shutting down sockets [ 184.469447][ T9440] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 184.991101][ T9445] wireguard1: entered promiscuous mode [ 184.996434][ T9445] wireguard1: entered allmulticast mode [ 185.232473][ T9453] vxfs: WRONG superblock magic 00000000 at 1 [ 185.234931][ T9453] vxfs: WRONG superblock magic 00000000 at 8 [ 185.236949][ T9453] vxfs: can't find superblock. [ 185.562179][ T9457] netlink: 20 bytes leftover after parsing attributes in process `syz.3.987'. [ 185.863389][ T5976] Bluetooth: hci3: command 0x0405 tx timeout [ 185.893450][ T9421] Bluetooth: hci3: Opcode 0x0401 failed: -110 [ 186.022065][ T9462] overlay: Unknown parameter 'uid' [ 186.027156][ T40] kauditd_printk_skb: 16 callbacks suppressed [ 186.027281][ T40] audit: type=1804 audit(1755817038.033:1848): pid=9462 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.988" name="/newroot/239/bus/bus" dev="tmpfs" ino=1390 res=1 errno=0 [ 186.244381][ T9467] block nbd1: shutting down sockets [ 186.550077][ T9470] can: request_module (can-proto-0) failed. [ 186.629499][ T9477] 9pnet: Could not find request transport: virtÓ¬i?y{Ôio [ 187.234290][ T9491] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 188.004856][ T9503] block nbd2: shutting down sockets [ 188.351536][ T9512] FAULT_INJECTION: forcing a failure. [ 188.351536][ T9512] name failslab, interval 1, probability 0, space 0, times 0 [ 188.355622][ T9512] CPU: 1 UID: 0 PID: 9512 Comm: syz.2.1002 Not tainted syzkaller #0 PREEMPT(full) [ 188.355636][ T9512] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 188.355643][ T9512] Call Trace: [ 188.355647][ T9512] [ 188.355650][ T9512] dump_stack_lvl+0x16c/0x1f0 [ 188.355667][ T9512] should_fail_ex+0x512/0x640 [ 188.355682][ T9512] ? io_cache_alloc_new+0x45/0xf0 [ 188.355697][ T9512] should_failslab+0xc2/0x120 [ 188.355710][ T9512] __kmalloc_noprof+0xd2/0x510 [ 188.355736][ T9512] io_cache_alloc_new+0x45/0xf0 [ 188.355751][ T9512] io_arm_apoll+0x88e/0xa60 [ 188.355765][ T9512] ? __pfx_io_arm_apoll+0x10/0x10 [ 188.355780][ T9512] io_arm_poll_handler+0x223/0x2b0 [ 188.355793][ T9512] io_queue_async+0xaf/0x330 [ 188.355804][ T9512] io_submit_sqes+0x1728/0x2590 [ 188.355819][ T9512] __do_sys_io_uring_enter+0xd6a/0x1630 [ 188.355833][ T9512] ? __fget_files+0x20e/0x3c0 [ 188.355854][ T9512] ? __pfx___do_sys_io_uring_enter+0x10/0x10 [ 188.355869][ T9512] ? fput+0x9b/0xd0 [ 188.355883][ T9512] ? ksys_write+0x1ac/0x250 [ 188.355894][ T9512] ? __pfx_ksys_write+0x10/0x10 [ 188.355906][ T9512] ? rcu_is_watching+0x12/0xc0 [ 188.355917][ T9512] __do_fast_syscall_32+0x7c/0x3a0 [ 188.355932][ T9512] do_fast_syscall_32+0x32/0x80 [ 188.355945][ T9512] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 188.355959][ T9512] RIP: 0023:0xf7f17579 [ 188.355967][ T9512] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 188.355977][ T9512] RSP: 002b:00000000f53f455c EFLAGS: 00000296 ORIG_RAX: 00000000000001aa [ 188.355987][ T9512] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000000003516 [ 188.355993][ T9512] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 188.355999][ T9512] RBP: 000000000000fff5 R08: 0000000000000000 R09: 0000000000000000 [ 188.356005][ T9512] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 188.356011][ T9512] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 188.356019][ T9512] [ 188.948593][ T9528] input: syz0 as /devices/virtual/input/input23 [ 189.650515][ T9535] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 189.824786][ T9541] block nbd0: shutting down sockets [ 189.937519][ T9547] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1012'. [ 190.061866][ T9549] FAULT_INJECTION: forcing a failure. [ 190.061866][ T9549] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 190.066077][ T9549] CPU: 2 UID: 0 PID: 9549 Comm: syz.2.1011 Not tainted syzkaller #0 PREEMPT(full) [ 190.066091][ T9549] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 190.066098][ T9549] Call Trace: [ 190.066101][ T9549] [ 190.066106][ T9549] dump_stack_lvl+0x16c/0x1f0 [ 190.066123][ T9549] should_fail_ex+0x512/0x640 [ 190.066139][ T9549] _copy_from_user+0x2e/0xd0 [ 190.066155][ T9549] __sys_bpf+0x21d/0x4de0 [ 190.066171][ T9549] ? lock_release+0x201/0x2f0 [ 190.066185][ T9549] ? __pfx___sys_bpf+0x10/0x10 [ 190.066199][ T9549] ? ksys_write+0x190/0x250 [ 190.066211][ T9549] ? rcu_is_watching+0x12/0xc0 [ 190.066221][ T9549] ? lock_release+0x201/0x2f0 [ 190.066234][ T9549] ? __mutex_unlock_slowpath+0x161/0x7b0 [ 190.066251][ T9549] ? fput+0x9b/0xd0 [ 190.066264][ T9549] ? ksys_write+0x1ac/0x250 [ 190.066275][ T9549] ? __pfx_ksys_write+0x10/0x10 [ 190.066287][ T9549] __ia32_sys_bpf+0x76/0xe0 [ 190.066303][ T9549] __do_fast_syscall_32+0x7c/0x3a0 [ 190.066317][ T9549] do_fast_syscall_32+0x32/0x80 [ 190.066330][ T9549] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 190.066343][ T9549] RIP: 0023:0xf7f17579 [ 190.066351][ T9549] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 190.066361][ T9549] RSP: 002b:00000000f541555c EFLAGS: 00000296 ORIG_RAX: 0000000000000165 [ 190.066372][ T9549] RAX: ffffffffffffffda RBX: 000000000000001a RCX: 0000000080000200 [ 190.066378][ T9549] RDX: 0000000000000038 RSI: 0000000000000000 RDI: 0000000000000000 [ 190.066384][ T9549] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 190.066389][ T9549] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 190.066395][ T9549] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 190.066404][ T9549] [ 190.401190][ T9548] random: crng reseeded on system resumption [ 190.413830][ T9558] netlink: 'syz.1.1014': attribute type 29 has an invalid length. [ 190.416325][ T9558] netlink: 'syz.1.1014': attribute type 3 has an invalid length. [ 190.418828][ T9558] netlink: 76 bytes leftover after parsing attributes in process `syz.1.1014'. [ 190.441761][ T9560] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 190.512263][ T9515] Bluetooth: hci3: Opcode 0x0401 failed: -110 [ 190.517599][ T5976] Bluetooth: hci3: command 0x0405 tx timeout [ 191.104122][ T9576] block nbd2: shutting down sockets [ 191.276478][ T9585] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(7) [ 191.278609][ T9585] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 191.281133][ T9585] vhci_hcd vhci_hcd.0: Device attached [ 191.733313][ T53] usb 41-1: new high-speed USB device number 3 using vhci_hcd [ 192.118193][ T9586] vhci_hcd: connection reset by peer [ 192.133528][ T1174] vhci_hcd: stop threads [ 192.134980][ T1174] vhci_hcd: release socket [ 192.136438][ T1174] vhci_hcd: disconnect device [ 192.294194][ T9595] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 192.399600][ T9599] FAULT_INJECTION: forcing a failure. [ 192.399600][ T9599] name failslab, interval 1, probability 0, space 0, times 0 [ 192.403564][ T9599] CPU: 2 UID: 0 PID: 9599 Comm: syz.3.1025 Not tainted syzkaller #0 PREEMPT(full) [ 192.403581][ T9599] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 192.403598][ T9599] Call Trace: [ 192.403602][ T9599] [ 192.403606][ T9599] dump_stack_lvl+0x16c/0x1f0 [ 192.403623][ T9599] should_fail_ex+0x512/0x640 [ 192.403639][ T9599] should_failslab+0xc2/0x120 [ 192.403652][ T9599] __kmalloc_cache_noprof+0x6a/0x3e0 [ 192.403663][ T9599] ? ovs_ct_limit_cmd_set+0x30a/0xa90 [ 192.403680][ T9599] ovs_ct_limit_cmd_set+0x30a/0xa90 [ 192.403696][ T9599] ? __pfx_ovs_ct_limit_cmd_set+0x10/0x10 [ 192.403712][ T9599] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290 [ 192.403730][ T9599] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290 [ 192.403747][ T9599] genl_family_rcv_msg_doit+0x206/0x2f0 [ 192.403762][ T9599] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 192.403784][ T9599] ? bpf_lsm_capable+0x9/0x10 [ 192.403794][ T9599] ? security_capable+0x7e/0x260 [ 192.403804][ T9599] ? ns_capable+0xd7/0x110 [ 192.403816][ T9599] genl_rcv_msg+0x55c/0x800 [ 192.403831][ T9599] ? __pfx_genl_rcv_msg+0x10/0x10 [ 192.403846][ T9599] ? __pfx_ovs_ct_limit_cmd_set+0x10/0x10 [ 192.403863][ T9599] netlink_rcv_skb+0x155/0x420 [ 192.403876][ T9599] ? __pfx_genl_rcv_msg+0x10/0x10 [ 192.403891][ T9599] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 192.403909][ T9599] genl_rcv+0x28/0x40 [ 192.403922][ T9599] netlink_unicast+0x5aa/0x870 [ 192.403935][ T9599] ? __pfx_netlink_unicast+0x10/0x10 [ 192.403949][ T9599] ? __build_skb_around+0x278/0x3b0 [ 192.403960][ T9599] ? is_vmalloc_addr+0x86/0xa0 [ 192.403972][ T9599] netlink_sendmsg+0x8d1/0xdd0 [ 192.403986][ T9599] ? __pfx_netlink_sendmsg+0x10/0x10 [ 192.404000][ T9599] ? aa_sock_msg_perm.constprop.0+0x100/0x1d0 [ 192.404012][ T9599] ____sys_sendmsg+0xa95/0xc70 [ 192.404028][ T9599] ? __pfx_____sys_sendmsg+0x10/0x10 [ 192.404047][ T9599] ? get_compat_msghdr+0x11a/0x170 [ 192.404066][ T9599] ? kstrtouint_from_user+0x13c/0x1d0 [ 192.404084][ T9599] ___sys_sendmsg+0x134/0x1d0 [ 192.404100][ T9599] ? get_pid_task+0xfc/0x250 [ 192.404119][ T9599] ? __pfx____sys_sendmsg+0x10/0x10 [ 192.404133][ T9599] ? rcu_is_watching+0x12/0xc0 [ 192.404148][ T9599] __sys_sendmsg+0x16d/0x220 [ 192.404161][ T9599] ? __pfx___sys_sendmsg+0x10/0x10 [ 192.404176][ T9599] ? rcu_is_watching+0x12/0xc0 [ 192.404190][ T9599] __do_fast_syscall_32+0x7c/0x3a0 [ 192.404210][ T9599] do_fast_syscall_32+0x32/0x80 [ 192.404227][ T9599] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 192.404246][ T9599] RIP: 0023:0xf7f34579 [ 192.404260][ T9599] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 192.404274][ T9599] RSP: 002b:00000000f541455c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 192.404291][ T9599] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000080000000 [ 192.404302][ T9599] RDX: 0000000000004010 RSI: 0000000000000000 RDI: 0000000000000000 [ 192.404310][ T9599] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 192.404316][ T9599] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 192.404322][ T9599] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 192.404332][ T9599] [ 192.904846][ T9605] bridge1: entered promiscuous mode [ 193.358638][ T9615] netlink: 48 bytes leftover after parsing attributes in process `syz.3.1031'. [ 193.368091][ T1140] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 193.371534][ T1140] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 193.784472][ T1418] ieee802154 phy0 wpan0: encryption failed: -22 [ 193.786605][ T1418] ieee802154 phy1 wpan1: encryption failed: -22 [ 193.940957][ T9630] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1036'. [ 194.095626][ T9636] syz.2.1037 (9636): drop_caches: 2 [ 194.097857][ T9636] syz.2.1037 (9636): drop_caches: 2 [ 194.221538][ T9638] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 194.425123][ T9645] binder: 9644:9645 ioctl c0306201 80000080 returned -14 [ 194.601454][ T9653] binder: Unknown parameter 'sl' [ 194.996735][ T9681] pim6reg1: entered promiscuous mode [ 194.998470][ T9681] pim6reg1: entered allmulticast mode [ 195.373395][ T6027] usb 7-1: new high-speed USB device number 10 using dummy_hcd [ 195.534459][ T6027] usb 7-1: config index 0 descriptor too short (expected 23569, got 27) [ 195.537284][ T6027] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 195.541215][ T6027] usb 7-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0 [ 195.544269][ T6027] usb 7-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0 [ 195.546829][ T6027] usb 7-1: Manufacturer: syz [ 195.551966][ T6027] usb 7-1: config 0 descriptor?? [ 195.593868][ T6027] rc_core: IR keymap rc-hauppauge not found [ 195.595807][ T6027] Registered IR keymap rc-empty [ 195.599433][ T6027] rc rc0: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.2/usb7/7-1/7-1:0.0/rc/rc0 [ 195.607202][ T6027] input: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.2/usb7/7-1/7-1:0.0/rc/rc0/input25 [ 196.744284][ T1327] e1000: eth0 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: RX [ 196.813356][ T53] vhci_hcd: vhci_device speed not set [ 197.885451][ T53] usb 7-1: USB disconnect, device number 10 [ 203.929861][ T9730] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 203.997415][ T9719] genirq: Flags mismatch irq 5. 00200000 (pcl812) vs. 00200000 (pcl812) [ 204.013645][ T9732] syz.2.1055 (9732): drop_caches: 2 [ 204.016808][ T9732] syz.2.1055 (9732): drop_caches: 2 [ 204.118654][ T9741] tipc: Enabling of bearer rejected, failed to enable media [ 204.365986][ T9751] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(8) [ 204.368064][ T9751] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 204.370720][ T9751] vhci_hcd vhci_hcd.0: Device attached [ 204.493626][ T9755] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1062'. [ 204.496924][ T9755] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1062'. [ 204.673459][ T53] usb 40-1: SetAddress Request (6) to port 0 [ 204.675413][ T53] usb 40-1: new SuperSpeed USB device number 6 using vhci_hcd [ 204.744957][ T9765] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1064'. [ 204.747775][ T9765] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1064'. [ 204.753860][ T1140] netdevsim netdevsim2 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 204.756937][ T1140] netdevsim netdevsim2 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 204.759875][ T1140] netdevsim netdevsim2 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 204.762579][ T1140] netdevsim netdevsim2 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 204.847732][ T9769] lo speed is unknown, defaulting to 1000 [ 204.900518][ T9752] vhci_hcd: connection reset by peer [ 204.902345][ T9077] vhci_hcd: stop threads [ 204.904271][ T9077] vhci_hcd: release socket [ 204.906962][ T9077] vhci_hcd: disconnect device [ 205.515340][ T9781] netlink: 80 bytes leftover after parsing attributes in process `syz.3.1070'. [ 205.651297][ T9796] syz.2.1073 (9796): drop_caches: 2 [ 205.658960][ T9796] syz.2.1073 (9796): drop_caches: 2 [ 205.773905][ T9798] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 206.595053][ T9826] FAULT_INJECTION: forcing a failure. [ 206.595053][ T9826] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 206.599556][ T9826] CPU: 2 UID: 0 PID: 9826 Comm: syz.0.1083 Not tainted syzkaller #0 PREEMPT(full) [ 206.599571][ T9826] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 206.599577][ T9826] Call Trace: [ 206.599582][ T9826] [ 206.599586][ T9826] dump_stack_lvl+0x16c/0x1f0 [ 206.599603][ T9826] should_fail_ex+0x512/0x640 [ 206.599619][ T9826] _copy_from_user+0x2e/0xd0 [ 206.599635][ T9826] snd_rawmidi_kernel_write1+0x50a/0x8a0 [ 206.599655][ T9826] snd_rawmidi_write+0x26e/0xc10 [ 206.599667][ T9826] ? __pfx_snd_rawmidi_write+0x10/0x10 [ 206.599677][ T9826] ? __pfx_default_wake_function+0x10/0x10 [ 206.599689][ T9826] ? bpf_lsm_file_permission+0x9/0x10 [ 206.599704][ T9826] ? security_file_permission+0x71/0x210 [ 206.599719][ T9826] ? rw_verify_area+0xcf/0x6c0 [ 206.599730][ T9826] ? __pfx_snd_rawmidi_write+0x10/0x10 [ 206.599740][ T9826] vfs_writev+0x5df/0xde0 [ 206.599751][ T9826] ? __pfx_vfs_writev+0x10/0x10 [ 206.599763][ T9826] ? ksys_write+0x190/0x250 [ 206.599774][ T9826] ? rcu_is_watching+0x12/0xc0 [ 206.599787][ T9826] ? __fget_files+0x20e/0x3c0 [ 206.599798][ T9826] ? __fget_files+0x140/0x3c0 [ 206.599809][ T9826] ? do_writev+0x28c/0x340 [ 206.599819][ T9826] do_writev+0x28c/0x340 [ 206.599830][ T9826] ? __pfx_do_writev+0x10/0x10 [ 206.599840][ T9826] ? rcu_is_watching+0x12/0xc0 [ 206.599851][ T9826] __do_fast_syscall_32+0x7c/0x3a0 [ 206.599865][ T9826] do_fast_syscall_32+0x32/0x80 [ 206.599879][ T9826] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 206.599892][ T9826] RIP: 0023:0xf7f78579 [ 206.599901][ T9826] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 206.599912][ T9826] RSP: 002b:00000000f549655c EFLAGS: 00000296 ORIG_RAX: 0000000000000092 [ 206.599922][ T9826] RAX: ffffffffffffffda RBX: 000000000000000a RCX: 0000000080000840 [ 206.599928][ T9826] RDX: 0000000000000002 RSI: 0000000000000000 RDI: 0000000000000000 [ 206.599934][ T9826] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 206.599940][ T9826] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 206.599946][ T9826] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 206.599954][ T9826] [ 206.743419][ T6224] usb 8-1: new full-speed USB device number 10 using dummy_hcd [ 206.895168][ T6224] usb 8-1: not running at top speed; connect to a high speed hub [ 206.899632][ T6224] usb 8-1: config 74 has an invalid interface number: 21 but max is 3 [ 206.902945][ T6224] usb 8-1: config 74 has an invalid interface number: 247 but max is 3 [ 206.908441][ T6224] usb 8-1: config 74 contains an unexpected descriptor of type 0x1, skipping [ 206.912468][ T6224] usb 8-1: config 74 has an invalid descriptor of length 0, skipping remainder of the config [ 206.917162][ T6224] usb 8-1: config 74 has 2 interfaces, different from the descriptor's value: 4 [ 206.920869][ T6224] usb 8-1: config 74 has no interface number 0 [ 206.923601][ T6224] usb 8-1: config 74 has no interface number 1 [ 206.926161][ T6224] usb 8-1: config 74 interface 21 altsetting 7 endpoint 0xE has invalid maxpacket 1024, setting to 64 [ 206.930526][ T6224] usb 8-1: config 74 interface 247 altsetting 9 has an invalid descriptor for endpoint zero, skipping [ 206.936227][ T6224] usb 8-1: config 74 interface 247 altsetting 9 has a duplicate endpoint with address 0xF, skipping [ 206.940573][ T6224] usb 8-1: config 74 interface 247 altsetting 9 has a duplicate endpoint with address 0xE, skipping [ 206.945058][ T6224] usb 8-1: config 74 interface 247 altsetting 9 has an endpoint descriptor with address 0x19, changing to 0x9 [ 206.949708][ T6224] usb 8-1: config 74 interface 247 altsetting 9 endpoint 0x9 has invalid maxpacket 33314, setting to 64 [ 206.955595][ T6224] usb 8-1: config 74 interface 247 altsetting 9 has 6 endpoint descriptors, different from the interface descriptor's value: 9 [ 206.961973][ T6224] usb 8-1: config 74 interface 21 has no altsetting 0 [ 206.965345][ T6224] usb 8-1: config 74 interface 247 has no altsetting 0 [ 206.978210][ T6224] usb 8-1: New USB device found, idVendor=12d1, idProduct=8230, bcdDevice= f.b6 [ 207.005324][ T6224] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 207.008002][ T6224] usb 8-1: Product: syz [ 207.023710][ T6224] usb 8-1: SerialNumber: syz [ 207.104807][ T9846] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 207.307366][ T6224] option 8-1:74.21: GSM modem (1-port) converter detected [ 207.312279][ T6224] usb 8-1: USB disconnect, device number 10 [ 207.316660][ T6224] option 8-1:74.21: device disconnected [ 207.846638][ T9860] IPVS: length: 139 != 8 [ 207.866718][ T9862] netlink: 92 bytes leftover after parsing attributes in process `syz.0.1096'. [ 208.423484][ T9810] Bluetooth: hci3: Opcode 0x0401 failed: -110 [ 208.425910][ T5976] Bluetooth: hci3: command 0x0405 tx timeout [ 208.841752][ T9885] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 208.880264][ T40] audit: type=1326 audit(1755817060.883:1849): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9882 comm="syz.1.1101" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f35579 code=0x7ffc0000 [ 208.894901][ T40] audit: type=1326 audit(1755817060.893:1850): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9882 comm="syz.1.1101" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f35579 code=0x7ffc0000 [ 208.943455][ T40] audit: type=1326 audit(1755817060.893:1851): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9882 comm="syz.1.1101" exe="/syz-executor" sig=0 arch=40000003 syscall=351 compat=1 ip=0xf7f35579 code=0x7ffc0000 [ 208.951236][ T40] audit: type=1326 audit(1755817060.893:1852): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9882 comm="syz.1.1101" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f35579 code=0x7ffc0000 [ 208.963421][ T40] audit: type=1326 audit(1755817060.893:1853): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9882 comm="syz.1.1101" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f35579 code=0x7ffc0000 [ 208.970225][ T40] audit: type=1326 audit(1755817060.893:1854): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9882 comm="syz.1.1101" exe="/syz-executor" sig=0 arch=40000003 syscall=370 compat=1 ip=0xf7f35579 code=0x7ffc0000 [ 208.978009][ T40] audit: type=1326 audit(1755817060.893:1855): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9882 comm="syz.1.1101" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f35579 code=0x7ffc0000 [ 208.994578][ T40] audit: type=1326 audit(1755817060.893:1856): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9882 comm="syz.1.1101" exe="/syz-executor" sig=0 arch=40000003 syscall=4 compat=1 ip=0xf7f35579 code=0x7ffc0000 [ 209.003797][ T40] audit: type=1326 audit(1755817060.893:1857): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9882 comm="syz.1.1101" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f35579 code=0x7ffc0000 [ 209.011188][ T40] audit: type=1326 audit(1755817060.893:1858): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9882 comm="syz.1.1101" exe="/syz-executor" sig=0 arch=40000003 syscall=4 compat=1 ip=0xf7f35579 code=0x7ffc0000 [ 209.054748][ T9886] pim6reg: entered allmulticast mode [ 209.614347][ T9882] pim6reg: left allmulticast mode [ 209.703382][ T53] usb 40-1: device descriptor read/8, error -110 [ 209.771536][ T9907] 9pnet_virtio: no channels available for device syz [ 209.775850][ T9900] cdrom: dropping to single frame dma [ 210.093840][ T53] usb usb40-port1: attempt power cycle [ 210.641677][ T9919] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1113'. [ 210.674742][ T53] usb usb40-port1: unable to enumerate USB device [ 210.749323][ T9927] netlink: zone id is out of range [ 210.751112][ T9927] FAULT_INJECTION: forcing a failure. [ 210.751112][ T9927] name failslab, interval 1, probability 0, space 0, times 0 [ 210.755477][ T9927] CPU: 2 UID: 0 PID: 9927 Comm: syz.3.1115 Not tainted syzkaller #0 PREEMPT(full) [ 210.755496][ T9927] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 210.755503][ T9927] Call Trace: [ 210.755508][ T9927] [ 210.755512][ T9927] dump_stack_lvl+0x16c/0x1f0 [ 210.755530][ T9927] should_fail_ex+0x512/0x640 [ 210.755547][ T9927] should_failslab+0xc2/0x120 [ 210.755561][ T9927] __kmalloc_cache_noprof+0x6a/0x3e0 [ 210.755574][ T9927] ? ovs_ct_limit_cmd_set+0x30a/0xa90 [ 210.755591][ T9927] ovs_ct_limit_cmd_set+0x30a/0xa90 [ 210.755608][ T9927] ? __pfx_ovs_ct_limit_cmd_set+0x10/0x10 [ 210.755624][ T9927] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290 [ 210.755642][ T9927] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290 [ 210.755659][ T9927] genl_family_rcv_msg_doit+0x206/0x2f0 [ 210.755675][ T9927] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 210.755705][ T9927] ? bpf_lsm_capable+0x9/0x10 [ 210.755716][ T9927] ? security_capable+0x7e/0x260 [ 210.755727][ T9927] ? ns_capable+0xd7/0x110 [ 210.755738][ T9927] genl_rcv_msg+0x55c/0x800 [ 210.755754][ T9927] ? __pfx_genl_rcv_msg+0x10/0x10 [ 210.755769][ T9927] ? __pfx_ovs_ct_limit_cmd_set+0x10/0x10 [ 210.755786][ T9927] netlink_rcv_skb+0x155/0x420 [ 210.755799][ T9927] ? __pfx_genl_rcv_msg+0x10/0x10 [ 210.755819][ T9927] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 210.755836][ T9927] ? netlink_deliver_tap+0x1ae/0xd30 [ 210.755849][ T9927] genl_rcv+0x28/0x40 [ 210.755862][ T9927] netlink_unicast+0x5aa/0x870 [ 210.755876][ T9927] ? __pfx_netlink_unicast+0x10/0x10 [ 210.755889][ T9927] ? __asan_memset+0x23/0x50 [ 210.755899][ T9927] ? __build_skb_around+0x278/0x3b0 [ 210.755910][ T9927] ? is_vmalloc_addr+0x86/0xa0 [ 210.755922][ T9927] netlink_sendmsg+0x8d1/0xdd0 [ 210.755936][ T9927] ? __pfx_netlink_sendmsg+0x10/0x10 [ 210.755950][ T9927] ? aa_sock_msg_perm.constprop.0+0x100/0x1d0 [ 210.755962][ T9927] ____sys_sendmsg+0xa95/0xc70 [ 210.755978][ T9927] ? __pfx_____sys_sendmsg+0x10/0x10 [ 210.755993][ T9927] ? get_compat_msghdr+0x11a/0x170 [ 210.756007][ T9927] ? kstrtouint_from_user+0x13c/0x1d0 [ 210.756021][ T9927] ___sys_sendmsg+0x134/0x1d0 [ 210.756033][ T9927] ? get_pid_task+0xfc/0x250 [ 210.756047][ T9927] ? __pfx____sys_sendmsg+0x10/0x10 [ 210.756062][ T9927] ? rcu_is_watching+0x12/0xc0 [ 210.756077][ T9927] __sys_sendmsg+0x16d/0x220 [ 210.756090][ T9927] ? __pfx___sys_sendmsg+0x10/0x10 [ 210.756105][ T9927] ? rcu_is_watching+0x12/0xc0 [ 210.756116][ T9927] __do_fast_syscall_32+0x7c/0x3a0 [ 210.756131][ T9927] do_fast_syscall_32+0x32/0x80 [ 210.756144][ T9927] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 210.756157][ T9927] RIP: 0023:0xf7f34579 [ 210.756165][ T9927] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 210.756176][ T9927] RSP: 002b:00000000f543555c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 210.756187][ T9927] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000080000000 [ 210.756193][ T9927] RDX: 0000000000004010 RSI: 0000000000000000 RDI: 0000000000000000 [ 210.756199][ T9927] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 210.756205][ T9927] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 210.756211][ T9927] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 210.756220][ T9927] [ 210.785609][ T9929] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 211.068732][ T9933] 9pnet_fd: Insufficient options for proto=fd [ 211.507660][ T9936] random: crng reseeded on system resumption [ 211.554374][ T9938] /dev/sg0: Can't lookup blockdev [ 212.529823][ T9951] syz.2.1122 (9951): drop_caches: 2 [ 212.537155][ T9951] syz.2.1122 (9951): drop_caches: 2 [ 213.440535][ T9973] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 213.893814][ T9985] Driver unsupported XDP return value 0 on prog (id 265) dev N/A, expect packet loss! [ 214.051304][ T9988] pim6reg: entered allmulticast mode [ 214.054328][ T9988] pim6reg: left allmulticast mode [ 214.773748][T10005] syz.0.1136 (10005): drop_caches: 2 [ 214.775802][T10005] syz.0.1136 (10005): drop_caches: 2 [ 214.958222][T10008] netlink: 72 bytes leftover after parsing attributes in process `syz.3.1138'. [ 215.328298][T10018] fuse: Unknown parameter 'group_id00000000000000000000' [ 215.332660][T10018] rdma_rxe: rxe_newlink: failed to add lo [ 215.403528][ T59] usb 8-1: new high-speed USB device number 11 using dummy_hcd [ 215.553370][ T59] usb 8-1: Using ep0 maxpacket: 16 [ 215.556608][ T59] usb 8-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 215.560133][ T59] usb 8-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 215.563742][ T59] usb 8-1: config 1 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 215.567166][ T59] usb 8-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 215.571979][ T59] usb 8-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 215.575336][ T59] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 215.578396][ T59] usb 8-1: SerialNumber: syz [ 215.581461][ T59] hub 8-1:1.0: bad descriptor, ignoring hub [ 215.583371][ T59] hub 8-1:1.0: probe with driver hub failed with error -5 [ 215.586348][ T59] cdc_ether 8-1:1.0: probe with driver cdc_ether failed with error -22 [ 215.653457][ T6027] usb 7-1: new high-speed USB device number 11 using dummy_hcd [ 215.711697][T10025] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 215.804611][ T6027] usb 7-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 215.814141][ T6027] usb 7-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 215.823859][ T6027] usb 7-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 215.830029][ T6027] usb 7-1: New USB device strings: Mfr=0, Product=15, SerialNumber=0 [ 215.838126][ T6027] usb 7-1: Product: syz [ 215.843675][T10018] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22 [ 215.848583][ T6027] usb 7-1: Quirk or no altset; falling back to MIDI 1.0 [ 216.135569][T10029] overlayfs: failed to resolve './file0': -2 [ 216.146907][T10029] overlayfs: failed to resolve './file0': -2 [ 216.403038][ T40] kauditd_printk_skb: 29 callbacks suppressed [ 216.403053][ T40] audit: type=1326 audit(1755817068.403:1888): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10033 comm="syz.1.1145" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f35579 code=0x7fc00000 [ 217.023019][ T40] audit: type=1326 audit(1755817069.023:1889): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10033 comm="syz.1.1145" exe="/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf7f35579 code=0x7fc00000 [ 217.052420][T10046] IPVS: Error connecting to the multicast addr [ 217.951197][T10054] team0: left promiscuous mode [ 217.952833][T10054] team_slave_0: left promiscuous mode [ 217.954728][T10054] team_slave_1: left promiscuous mode [ 217.956878][T10054] bridge0: port 3(team0) entered disabled state [ 217.959620][T10054] bridge_slave_0: left promiscuous mode [ 217.961687][T10054] bridge0: port 1(bridge_slave_0) entered disabled state [ 217.965302][T10054] bridge_slave_1: left promiscuous mode [ 217.967196][T10054] bridge0: port 2(bridge_slave_1) entered disabled state [ 217.972985][T10054] bond0: (slave bond_slave_0): Releasing backup interface [ 217.983588][T10054] bond_slave_0: left promiscuous mode [ 217.988892][T10054] bond0: (slave bond_slave_1): Releasing backup interface [ 217.992689][T10054] bond_slave_1: left promiscuous mode [ 217.995797][T10054] team0: Port device team_slave_0 removed [ 218.000070][T10054] team0: Port device team_slave_1 removed [ 218.002261][T10054] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 218.005709][T10054] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 218.006285][T10057] netlink: 'syz.1.1151': attribute type 10 has an invalid length. [ 218.011897][T10057] bond0: left allmulticast mode [ 218.014165][T10057] 8021q: adding VLAN 0 to HW filter on device bond0 [ 218.016430][T10057] team0: Device bond0 failed to register rx_handler [ 218.083455][ T59] usb 8-1: USB disconnect, device number 11 [ 218.205012][ T6027] usb 7-1: USB disconnect, device number 11 [ 218.503464][ T5976] Bluetooth: hci3: command 0x0405 tx timeout [ 218.505698][T10040] Bluetooth: hci3: Opcode 0x0401 failed: -110 [ 218.614332][T10072] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 218.626526][T10074] netlink: 'syz.1.1158': attribute type 1 has an invalid length. [ 218.643137][T10074] 8021q: adding VLAN 0 to HW filter on device bond2 [ 218.816596][ T40] audit: type=1326 audit(1755817070.823:1890): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10055 comm="syz.3.1152" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f34579 code=0x7fc00000 [ 218.823538][ T40] audit: type=1326 audit(1755817070.823:1891): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10055 comm="syz.3.1152" exe="/syz-executor" sig=0 arch=40000003 syscall=227 compat=1 ip=0xf7f34579 code=0x7fc00000 [ 219.283336][ T9] usb 8-1: new high-speed USB device number 12 using dummy_hcd [ 219.347527][T10089] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(5) [ 219.349724][T10089] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 219.352673][T10089] vhci_hcd vhci_hcd.0: Device attached [ 219.373133][T10092] vhci_hcd: connection closed [ 219.373342][ T46] vhci_hcd: stop threads [ 219.376505][ T46] vhci_hcd: release socket [ 219.378033][ T46] vhci_hcd: disconnect device [ 219.443336][ T9] usb 8-1: Using ep0 maxpacket: 32 [ 219.446459][ T9] usb 8-1: config index 0 descriptor too short (expected 29220, got 36) [ 219.449100][ T9] usb 8-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 219.451796][ T9] usb 8-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 219.454687][ T9] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 219.457740][ T9] usb 8-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 219.460743][ T9] usb 8-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 219.464849][ T9] usb 8-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 219.467645][ T9] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 219.470963][ T9] usb 8-1: config 0 descriptor?? [ 219.677448][T10087] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 219.680139][T10087] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 219.682687][ T9] usblp 8-1:0.0: usblp0: USB Bidirectional printer dev 12 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17 [ 219.687894][T10087] netlink: 320 bytes leftover after parsing attributes in process `syz.3.1161'. [ 219.714379][T10087] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 219.717429][T10087] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 220.035206][T10119] syz.2.1166 (10119): drop_caches: 2 [ 220.037108][T10119] syz.2.1166 (10119): drop_caches: 2 [ 220.644122][T10130] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 220.731433][T10131] overlayfs: failed to clone lowerpath [ 220.754963][T10131] overlayfs: failed to clone upperpath [ 220.929396][T10135] syz.2.1172 (10135): drop_caches: 2 [ 220.932313][T10135] syz.2.1172 (10135): drop_caches: 2 [ 221.411411][T10137] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1174'. [ 222.058351][ T53] usb 8-1: USB disconnect, device number 12 [ 222.063123][ T53] usblp0: removed [ 222.242943][T10175] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 222.951931][T10195] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 223.504490][T10209] syz.0.1191 (10209): drop_caches: 2 [ 223.515441][T10209] syz.0.1191 (10209): drop_caches: 2 [ 223.535520][T10212] netlink: 384 bytes leftover after parsing attributes in process `syz.1.1196'. [ 223.770003][T10223] overlayfs: failed to clone lowerpath [ 223.825625][ T9] kernel write not supported for file /sequencer2 (pid: 9 comm: kworker/0:0) [ 223.948694][T10222] syz.2.1201 (10222): drop_caches: 1 [ 223.973099][T10222] syz.2.1201 (10222): drop_caches: 1 [ 223.982063][T10227] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 224.067848][T10224] syz.2.1201 (10224): drop_caches: 1 [ 224.139993][T10229] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1202'. [ 224.211206][ T9] kernel read not supported for file /857/oom_adj (pid: 9 comm: kworker/0:0) [ 224.321037][ T9] libceph: connect (1)[c::]:6789 error -101 [ 224.323063][ T9] libceph: mon0 (1)[c::]:6789 connect error [ 224.421423][T10242] ceph: No mds server is up or the cluster is laggy [ 224.440854][T10251] binder: 10250:10251 unknown command 0 [ 224.442824][T10251] binder: 10250:10251 ioctl c0306201 80000080 returned -22 [ 224.883060][ T59] usb 8-1: new high-speed USB device number 13 using dummy_hcd [ 225.033023][ T59] usb 8-1: Using ep0 maxpacket: 32 [ 225.036423][ T59] usb 8-1: config index 0 descriptor too short (expected 29220, got 36) [ 225.040149][ T59] usb 8-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 225.043111][ T59] usb 8-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 225.045966][ T59] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 225.048990][ T59] usb 8-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 225.052031][ T59] usb 8-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 225.056129][ T59] usb 8-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 225.058926][ T59] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 225.066098][ T59] usb 8-1: config 0 descriptor?? [ 225.164246][T10273] syz.2.1217 (10273): drop_caches: 2 [ 225.166420][T10273] syz.2.1217 (10273): drop_caches: 2 [ 225.271757][ T59] usblp 8-1:0.0: usblp0: USB Bidirectional printer dev 13 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17 [ 225.277337][ T59] usb 8-1: USB disconnect, device number 13 [ 225.281196][ T59] usblp0: removed [ 225.703064][ T59] usb 8-1: new high-speed USB device number 14 using dummy_hcd [ 225.852639][ T59] usb 8-1: Using ep0 maxpacket: 32 [ 225.856141][ T59] usb 8-1: config index 0 descriptor too short (expected 29220, got 36) [ 225.859615][ T59] usb 8-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 225.863456][ T59] usb 8-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 225.867169][ T59] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 225.871110][ T59] usb 8-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 225.875120][ T59] usb 8-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 225.882595][ T59] usb 8-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 225.886124][ T59] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 225.890504][ T59] usb 8-1: config 0 descriptor?? [ 226.096227][ T59] usblp 8-1:0.0: usblp0: USB Bidirectional printer dev 14 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17 [ 226.213605][T10281] syz.2.1220 (10281): drop_caches: 2 [ 226.216456][T10281] syz.2.1220 (10281): drop_caches: 2 [ 226.313175][ T59] usb 8-1: USB disconnect, device number 14 [ 226.317636][ T59] usblp0: removed [ 226.346245][T10289] IPVS: set_ctl: invalid protocol: 192 164.0.0.0:20000 [ 226.365961][T10293] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 226.368914][T10293] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 226.569301][T10297] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 227.310839][T10304] Bluetooth: MGMT ver 1.23 [ 227.449743][T10310] syz.0.1228 (10310): drop_caches: 2 [ 227.452484][T10310] syz.0.1228 (10310): drop_caches: 2 [ 227.861597][T10318] netlink: 132 bytes leftover after parsing attributes in process `syz.1.1231'. [ 228.877538][T10337] overlayfs: failed to clone lowerpath [ 228.945473][T10338] overlayfs: failed to clone upperpath [ 229.192161][T10341] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 230.071648][T10357] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 230.590573][T10366] lo speed is unknown, defaulting to 1000 [ 230.594922][T10366] lo speed is unknown, defaulting to 1000 [ 230.597784][T10366] lo speed is unknown, defaulting to 1000 [ 230.604343][T10366] iwpm_register_pid: Unable to send a nlmsg (client = 2) [ 230.611083][T10366] infiniband syz0: RDMA CMA: cma_listen_on_dev, error -98 [ 230.624724][T10366] lo speed is unknown, defaulting to 1000 [ 230.629096][T10366] lo speed is unknown, defaulting to 1000 [ 230.631304][T10366] lo speed is unknown, defaulting to 1000 [ 230.633506][T10366] lo speed is unknown, defaulting to 1000 [ 230.640731][T10366] lo speed is unknown, defaulting to 1000 [ 231.475389][T10384] syz.0.1246 (10384): drop_caches: 2 [ 231.477663][T10384] syz.0.1246 (10384): drop_caches: 2 [ 232.410492][T10395] syz.0.1250 (10395): drop_caches: 2 [ 232.412814][T10395] syz.0.1250 (10395): drop_caches: 2 [ 232.414861][T10396] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 232.518328][T10393] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1248'. [ 232.974541][T10401] overlayfs: failed to clone lowerpath [ 232.982571][T10401] overlayfs: failed to clone upperpath [ 233.204333][T10405] netlink: del zone limit has 8 unknown bytes [ 233.372693][T10413] syz.3.1255 (10413): drop_caches: 2 [ 233.375794][T10413] syz.3.1255 (10413): drop_caches: 2 [ 233.386780][T10414] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 234.271361][ T40] audit: type=1400 audit(1755817342.278:1892): apparmor="DENIED" operation="change_onexec" class="file" info="label not found" error=-2 profile="unconfined" name=":0x000000000000" pid=10432 comm="syz.0.1260" [ 234.438355][ T59] usb 7-1: new high-speed USB device number 12 using dummy_hcd [ 234.514783][T10440] tipc: Enabled bearer , priority 10 [ 234.598145][ T59] usb 7-1: Using ep0 maxpacket: 16 [ 234.645796][ T59] usb 7-1: unable to get BOS descriptor or descriptor too short [ 234.652021][ T59] usb 7-1: unable to read config index 0 descriptor/start: -71 [ 234.654588][ T59] usb 7-1: can't read configurations, error -71 [ 235.177587][ T6027] IPVS: starting estimator thread 0... [ 235.231425][T10452] netlink: 'syz.0.1265': attribute type 1 has an invalid length. [ 235.234244][T10452] netlink: 16074 bytes leftover after parsing attributes in process `syz.0.1265'. [ 235.255898][T10454] FAULT_INJECTION: forcing a failure. [ 235.255898][T10454] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 235.261012][T10454] CPU: 3 UID: 0 PID: 10454 Comm: syz.0.1266 Not tainted syzkaller #0 PREEMPT(full) [ 235.261036][T10454] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 235.261047][T10454] Call Trace: [ 235.261053][T10454] [ 235.261060][T10454] dump_stack_lvl+0x16c/0x1f0 [ 235.261086][T10454] should_fail_ex+0x512/0x640 [ 235.261112][T10454] _copy_from_user+0x2e/0xd0 [ 235.261140][T10454] get_compat_msghdr+0xa7/0x170 [ 235.261162][T10454] ? __pfx_get_compat_msghdr+0x10/0x10 [ 235.261187][T10454] ___sys_sendmsg+0x1ae/0x1d0 [ 235.261209][T10454] ? __pfx____sys_sendmsg+0x10/0x10 [ 235.261230][T10454] ? lock_release+0x201/0x2f0 [ 235.261262][T10454] ? __pfx___might_resched+0x10/0x10 [ 235.261279][T10454] ? __sys_sendmmsg+0x30d/0x420 [ 235.261302][T10454] __sys_sendmmsg+0x2f9/0x420 [ 235.261324][T10454] ? __pfx___sys_sendmmsg+0x10/0x10 [ 235.261345][T10454] ? lock_release+0x201/0x2f0 [ 235.261368][T10454] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 235.261395][T10454] ? fput+0x9b/0xd0 [ 235.261419][T10454] ? ksys_write+0x1ac/0x250 [ 235.261438][T10454] ? __pfx_ksys_write+0x10/0x10 [ 235.261458][T10454] __ia32_compat_sys_sendmmsg+0x9d/0x100 [ 235.261480][T10454] ? syscall_enter_from_user_mode_prepare+0x68/0xe0 [ 235.261503][T10454] __do_fast_syscall_32+0x7c/0x3a0 [ 235.261526][T10454] do_fast_syscall_32+0x32/0x80 [ 235.261548][T10454] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 235.261569][T10454] RIP: 0023:0xf7f78579 [ 235.261582][T10454] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 235.261604][T10454] RSP: 002b:00000000f549655c EFLAGS: 00000296 ORIG_RAX: 0000000000000159 [ 235.261621][T10454] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000080001c00 [ 235.261632][T10454] RDX: 0000000000000159 RSI: 0000000000040840 RDI: 0000000000000000 [ 235.261642][T10454] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 235.261653][T10454] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 235.261662][T10454] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 235.261679][T10454] [ 235.267865][T10450] IPVS: using max 57 ests per chain, 136800 per kthread [ 235.482713][T10463] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 235.507689][ T6027] tipc: Node number set to 4101907301 [ 235.710772][ T40] audit: type=1326 audit(1755817343.719:1893): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10479 comm="syz.2.1277" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f17579 code=0x7ffc0000 [ 235.718410][ T40] audit: type=1326 audit(1755817343.719:1894): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10479 comm="syz.2.1277" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f17579 code=0x7ffc0000 [ 235.725225][ T40] audit: type=1326 audit(1755817343.719:1895): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10479 comm="syz.2.1277" exe="/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf7f17579 code=0x7ffc0000 [ 235.733513][ T40] audit: type=1326 audit(1755817343.719:1896): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10479 comm="syz.2.1277" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f17579 code=0x7ffc0000 [ 235.740876][ T40] audit: type=1326 audit(1755817343.719:1897): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10479 comm="syz.2.1277" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f17579 code=0x7ffc0000 [ 235.749020][ T40] audit: type=1326 audit(1755817343.719:1898): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10479 comm="syz.2.1277" exe="/syz-executor" sig=0 arch=40000003 syscall=370 compat=1 ip=0xf7f17579 code=0x7ffc0000 [ 235.755990][ T40] audit: type=1326 audit(1755817343.719:1899): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10479 comm="syz.2.1277" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f17579 code=0x7ffc0000 [ 235.763687][ T40] audit: type=1326 audit(1755817343.719:1900): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10479 comm="syz.2.1277" exe="/syz-executor" sig=0 arch=40000003 syscall=5 compat=1 ip=0xf7f17579 code=0x7ffc0000 [ 235.771069][ T40] audit: type=1326 audit(1755817343.719:1901): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10479 comm="syz.2.1277" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f17579 code=0x7ffc0000 [ 236.077466][ T6027] psmouse serio2: Failed to reset mouse on : -5 [ 236.347312][ T5976] Bluetooth: hci3: command 0x0405 tx timeout [ 236.349563][T10435] Bluetooth: hci3: Opcode 0x0401 failed: -110 [ 236.795372][T10497] syz.0.1281: attempt to access beyond end of device [ 236.795372][T10497] loop0: rw=4096, sector=0, nr_sectors = 1 limit=0 [ 237.033494][T10506] bond0: left allmulticast mode [ 237.040815][T10506] team0: Port device bond0 removed [ 237.049004][T10506] bond3: (slave bond4): Releasing backup interface [ 237.932199][T10536] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 238.776223][T10543] block nbd0: server does not support multiple connections per device. [ 238.779705][T10543] block nbd0: shutting down sockets [ 239.905552][ T6027] misc userio: Buffer overflowed, userio client isn't keeping up [ 240.495254][ T5976] Bluetooth: hci3: command 0x0405 tx timeout [ 240.496298][T10539] Bluetooth: hci3: Opcode 0x0401 failed: -110 [ 240.965520][ T6027] input: PS/2 Generic Mouse as /devices/serio2/input/input27 [ 241.174935][ T6027] psmouse serio2: Failed to enable mouse on [ 241.221214][T10586] netlink: 'syz.2.1308': attribute type 1 has an invalid length. [ 241.230255][T10586] 8021q: adding VLAN 0 to HW filter on device bond3 [ 241.242530][T10586] bond3: (slave wlan0): Enslaving as an active interface with a down link [ 241.255134][T10586] vlan2: entered allmulticast mode [ 241.256712][T10586] veth1: entered allmulticast mode [ 241.258718][T10586] veth1: entered promiscuous mode [ 241.260513][T10586] veth1: left promiscuous mode [ 241.262642][T10586] bond3: (slave vlan2): making interface the new active one [ 241.265480][T10586] bond3: (slave wlan0): dev_set_mac_address on slave failed! ALB mode requires that the base driver support setting the hw address also when the network device's interface is open [ 241.271363][T10586] veth1: entered promiscuous mode [ 241.273964][T10586] vlan2: entered promiscuous mode [ 241.276487][T10586] bond3: (slave vlan2): Enslaving as an active interface with an up link [ 241.638022][ T61] hid-generic 00A0:0006:0003.0004: unknown main item tag 0x0 [ 241.640928][ T61] hid-generic 00A0:0006:0003.0004: unknown main item tag 0x0 [ 241.643794][ T61] hid-generic 00A0:0006:0003.0004: unknown main item tag 0x0 [ 241.647000][ T61] hid-generic 00A0:0006:0003.0004: unknown main item tag 0x0 [ 241.650229][ T61] hid-generic 00A0:0006:0003.0004: unknown main item tag 0x0 [ 241.653198][ T61] hid-generic 00A0:0006:0003.0004: unknown main item tag 0x0 [ 241.656638][ T61] hid-generic 00A0:0006:0003.0004: unknown main item tag 0x0 [ 241.659438][ T61] hid-generic 00A0:0006:0003.0004: unknown main item tag 0x0 [ 241.664866][ T61] hid-generic 00A0:0006:0003.0004: hidraw0: HID v0.05 Device [syz1] on syz0 [ 241.719296][T10600] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1313'. [ 242.792354][T10608] delete_channel: no stack [ 242.922827][T10623] lo speed is unknown, defaulting to 1000 [ 242.976766][T10623] lo speed is unknown, defaulting to 1000 [ 243.042568][T10621] netlink: 72 bytes leftover after parsing attributes in process `syz.2.1320'. [ 243.045653][T10621] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1320'. [ 243.048472][T10621] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1320'. [ 243.844927][T10638] syz.3.1324 (10638): drop_caches: 2 [ 243.847208][T10638] syz.3.1324 (10638): drop_caches: 2 [ 244.172522][T10648] syz.0.1333 (10648): drop_caches: 2 [ 244.175120][T10648] syz.0.1333 (10648): drop_caches: 2 [ 244.448574][T10653] cgroup: Unknown subsys name 'fowner>00000000000000000000' [ 244.514412][T10662] lo speed is unknown, defaulting to 1000 [ 244.593572][T10662] lo speed is unknown, defaulting to 1000 [ 245.292236][T10682] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1336'. [ 245.649149][T10692] syz.0.1340 (10692): drop_caches: 2 [ 245.651374][T10692] syz.0.1340 (10692): drop_caches: 2 [ 246.014656][T10699] syz.3.1342 (10699): drop_caches: 2 [ 246.017229][T10699] syz.3.1342 (10699): drop_caches: 2 [ 246.405936][T10701] lo speed is unknown, defaulting to 1000 [ 246.457765][T10701] lo speed is unknown, defaulting to 1000 [ 246.541426][T10701] netlink: 96 bytes leftover after parsing attributes in process `syz.0.1343'. [ 247.566778][T10745] overlayfs: failed to clone upperpath [ 247.571302][T10745] overlayfs: failed to clone upperpath [ 247.765136][T10754] lo speed is unknown, defaulting to 1000 [ 247.773224][T10756] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1358'. [ 247.786081][T10756] hsr_slave_0 (unregistering): left promiscuous mode [ 247.835074][T10754] lo speed is unknown, defaulting to 1000 [ 248.897353][T10780] syz.2.1363 (10780): drop_caches: 2 [ 248.900178][T10780] syz.2.1363 (10780): drop_caches: 2 [ 249.075292][T10782] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 249.826459][T10806] syz.3.1371 (10806): drop_caches: 2 [ 249.828864][T10806] syz.3.1371 (10806): drop_caches: 2 [ 250.426975][ T40] kauditd_printk_skb: 40 callbacks suppressed [ 250.427151][ T40] audit: type=1326 audit(1755817358.436:1942): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10808 comm="syz.1.1372" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f35579 code=0x7ffc0000 [ 250.443475][ T40] audit: type=1326 audit(1755817358.436:1943): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10808 comm="syz.1.1372" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f35579 code=0x7ffc0000 [ 250.453443][ T40] audit: type=1326 audit(1755817358.436:1944): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10808 comm="syz.1.1372" exe="/syz-executor" sig=0 arch=40000003 syscall=8 compat=1 ip=0xf7f35579 code=0x7ffc0000 [ 250.462438][ T40] audit: type=1326 audit(1755817358.436:1945): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10808 comm="syz.1.1372" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f35579 code=0x7ffc0000 [ 250.471537][ T40] audit: type=1326 audit(1755817358.436:1946): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10808 comm="syz.1.1372" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f35579 code=0x7ffc0000 [ 250.480471][ T40] audit: type=1326 audit(1755817358.436:1947): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10808 comm="syz.1.1372" exe="/syz-executor" sig=0 arch=40000003 syscall=57 compat=1 ip=0xf7f35579 code=0x7ffc0000 [ 250.488131][ T40] audit: type=1326 audit(1755817358.436:1948): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10808 comm="syz.1.1372" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f35579 code=0x7ffc0000 [ 250.497301][ T40] audit: type=1326 audit(1755817358.436:1949): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10808 comm="syz.1.1372" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f35579 code=0x7ffc0000 [ 250.508172][ T40] audit: type=1326 audit(1755817358.436:1950): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10808 comm="syz.1.1372" exe="/syz-executor" sig=0 arch=40000003 syscall=227 compat=1 ip=0xf7f35579 code=0x7ffc0000 [ 250.517553][ T40] audit: type=1326 audit(1755817358.436:1951): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10808 comm="syz.1.1372" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f35579 code=0x7ffc0000 [ 251.273794][T10831] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 252.065749][T10839] FAULT_INJECTION: forcing a failure. [ 252.065749][T10839] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 252.071830][T10839] CPU: 2 UID: 0 PID: 10839 Comm: syz.3.1381 Not tainted syzkaller #0 PREEMPT(full) [ 252.071872][T10839] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 252.071886][T10839] Call Trace: [ 252.071893][T10839] [ 252.071900][T10839] dump_stack_lvl+0x16c/0x1f0 [ 252.071933][T10839] should_fail_ex+0x512/0x640 [ 252.071962][T10839] _copy_from_iter+0x29f/0x16f0 [ 252.072014][T10839] ? __alloc_skb+0x200/0x380 [ 252.072041][T10839] ? __pfx__copy_from_iter+0x10/0x10 [ 252.072068][T10839] ? __pfx_netlink_autobind.isra.0+0x10/0x10 [ 252.072100][T10839] netlink_sendmsg+0x829/0xdd0 [ 252.072126][T10839] ? __pfx_netlink_sendmsg+0x10/0x10 [ 252.072152][T10839] ? aa_sock_msg_perm.constprop.0+0x100/0x1d0 [ 252.072179][T10839] ____sys_sendmsg+0xa95/0xc70 [ 252.072215][T10839] ? __pfx_____sys_sendmsg+0x10/0x10 [ 252.072244][T10839] ? get_compat_msghdr+0x11a/0x170 [ 252.072267][T10839] ? __pfx___pv_queued_spin_lock_slowpath+0x10/0x10 [ 252.072293][T10839] ___sys_sendmsg+0x134/0x1d0 [ 252.072318][T10839] ? __pfx____sys_sendmsg+0x10/0x10 [ 252.072338][T10839] ? __pfx_sched_clock_cpu+0x10/0x10 [ 252.072365][T10839] ? rcu_is_watching+0x12/0xc0 [ 252.072394][T10839] __sys_sendmsg+0x16d/0x220 [ 252.072416][T10839] ? __pfx___sys_sendmsg+0x10/0x10 [ 252.072445][T10839] ? rcu_is_watching+0x12/0xc0 [ 252.072467][T10839] __do_fast_syscall_32+0x7c/0x3a0 [ 252.072491][T10839] do_fast_syscall_32+0x32/0x80 [ 252.072516][T10839] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 252.072541][T10839] RIP: 0023:0xf7f34579 [ 252.072558][T10839] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 252.072575][T10839] RSP: 002b:00000000f543555c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 252.072608][T10839] RAX: ffffffffffffffda RBX: 0000000000000007 RCX: 0000000080000040 [ 252.072620][T10839] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 252.072631][T10839] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 252.072644][T10839] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 252.072658][T10839] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 252.072678][T10839] [ 252.698777][T10858] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1386'. [ 252.889054][ T5976] Bluetooth: hci3: command 0x0405 tx timeout [ 252.889092][T10822] Bluetooth: hci3: Opcode 0x0401 failed: -110 [ 253.203238][T10867] syz.0.1388 (10867): drop_caches: 2 [ 253.206454][T10867] syz.0.1388 (10867): drop_caches: 2 [ 253.431749][T10872] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1390'. [ 253.435740][T10872] netlink: 124 bytes leftover after parsing attributes in process `syz.1.1390'. [ 253.439855][T10872] netlink: 124 bytes leftover after parsing attributes in process `syz.1.1390'. [ 253.477224][T10874] lo speed is unknown, defaulting to 1000 [ 253.511118][T10874] lo speed is unknown, defaulting to 1000 [ 253.539219][ T1174] vlan2: left promiscuous mode [ 253.582072][T10878] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 253.639306][T10879] lo speed is unknown, defaulting to 1000 [ 253.693957][T10879] lo speed is unknown, defaulting to 1000 [ 254.011296][T10886] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(7) [ 254.013427][T10886] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 254.016350][T10886] vhci_hcd vhci_hcd.0: Device attached [ 254.248420][ T53] usb 37-1: new high-speed USB device number 2 using vhci_hcd [ 254.792987][T10887] vhci_hcd: connection reset by peer [ 254.799882][ T92] vhci_hcd: stop threads [ 254.801734][ T92] vhci_hcd: release socket [ 254.803477][ T92] vhci_hcd: disconnect device [ 255.215210][ T1418] ieee802154 phy0 wpan0: encryption failed: -22 [ 255.219580][ T1418] ieee802154 phy1 wpan1: encryption failed: -22 [ 255.444628][T10920] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1405'. [ 256.443743][T10935] sp0: Synchronizing with TNC [ 257.054457][ T29] usb 8-1: new high-speed USB device number 15 using dummy_hcd [ 257.325898][T10952] rdma_rxe: rxe_newlink: failed to add lo [ 257.329540][ T29] usb 8-1: config index 0 descriptor too short (expected 23569, got 27) [ 257.332264][ T29] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 257.336218][ T29] usb 8-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0 [ 257.339269][ T29] usb 8-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0 [ 257.341991][ T29] usb 8-1: Manufacturer: syz [ 257.344706][ T29] usb 8-1: config 0 descriptor?? [ 257.376835][T10916] Bluetooth: hci3: Opcode 0x0401 failed: -110 [ 257.379420][ T5976] Bluetooth: hci3: command 0x0405 tx timeout [ 257.396765][ T29] rc_core: IR keymap rc-hauppauge not found [ 257.398863][ T29] Registered IR keymap rc-empty [ 257.400816][ T29] rc rc0: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.3/usb8/8-1/8-1:0.0/rc/rc0 [ 257.404927][ T29] input: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.3/usb8/8-1/8-1:0.0/rc/rc0/input29 [ 259.024800][T10981] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(5) [ 259.026902][T10981] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 259.029866][T10981] vhci_hcd vhci_hcd.0: Device attached [ 259.039856][T10981] netdevsim netdevsim0: Direct firmware load for @ failed with error -2 [ 259.043000][T10981] netdevsim netdevsim0: Falling back to sysfs fallback for: @ [ 259.355809][ T53] vhci_hcd: vhci_device speed not set [ 259.402102][T10992] syz.2.1422 (10992): drop_caches: 2 [ 259.404477][ T6027] usb 8-1: USB disconnect, device number 15 [ 259.404870][T10939] syz.3.1408 (10939) used greatest stack depth: 19608 bytes left [ 259.411450][T10992] syz.2.1422 (10992): drop_caches: 2 [ 259.435180][ T40] kauditd_printk_skb: 37 callbacks suppressed [ 259.435197][ T40] audit: type=1326 audit(1755817367.451:1989): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10994 comm="syz.3.1424" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7f34579 code=0x0 [ 259.527247][T10996] overlayfs: failed to clone lowerpath [ 259.532890][T10996] overlayfs: failed to clone upperpath [ 259.746551][T10982] vhci_hcd: connection closed [ 259.746922][ T1140] vhci_hcd: stop threads [ 259.751660][ T1140] vhci_hcd: release socket [ 259.753928][ T1140] vhci_hcd: disconnect device [ 260.667285][ T29] usb usb38-port1: attempt power cycle [ 261.113716][T11017] syz.2.1431 (11017): drop_caches: 2 [ 261.115850][T11017] syz.2.1431 (11017): drop_caches: 2 [ 261.255436][ T29] usb usb38-port1: unable to enumerate USB device [ 261.342483][T11021] netlink: 48 bytes leftover after parsing attributes in process `syz.1.1433'. [ 261.579365][T11027] syz.0.1434: attempt to access beyond end of device [ 261.579365][T11027] loop0: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 262.214359][ T53] usb 7-1: new high-speed USB device number 14 using dummy_hcd [ 262.325162][T11004] Bluetooth: hci3: Opcode 0x0401 failed: -110 [ 262.329236][ T5976] Bluetooth: hci3: command 0x0405 tx timeout [ 262.414344][ T53] usb 7-1: Using ep0 maxpacket: 16 [ 262.446474][ T53] usb 7-1: unable to get BOS descriptor or descriptor too short [ 262.450558][ T53] usb 7-1: unable to read config index 0 descriptor/start: -71 [ 262.453961][ T53] usb 7-1: can't read configurations, error -71 [ 262.622773][T11048] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 263.007186][T11061] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1446'. [ 264.102888][T11081] netlink: 40 bytes leftover after parsing attributes in process `syz.0.1451'. [ 264.265083][T11090] fuse: Unknown parameter 'group_id00000000000000000000' [ 264.284748][T11090] rdma_rxe: rxe_newlink: failed to add lo [ 264.440890][T11094] lo speed is unknown, defaulting to 1000 [ 264.529399][T11094] lo speed is unknown, defaulting to 1000 [ 265.032389][T11101] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1458'. [ 265.042721][T11104] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1458'. [ 265.255661][ T40] audit: type=1804 audit(1755817373.284:1990): pid=11122 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.1461" name="/newroot/400/cgroup.controllers" dev="tmpfs" ino=2335 res=1 errno=0 [ 265.263516][ T40] audit: type=1800 audit(1755817373.294:1991): pid=11122 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.1461" name="cgroup.controllers" dev="tmpfs" ino=2335 res=0 errno=0 [ 265.270777][ T40] audit: type=1800 audit(1755817373.294:1992): pid=11122 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.1461" name="cgroup.controllers" dev="tmpfs" ino=2335 res=0 errno=0 [ 265.371746][T11126] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1463'. [ 266.412594][ T61] usb 7-1: new high-speed USB device number 16 using dummy_hcd [ 266.573765][ T61] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 266.577248][ T61] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 266.580497][ T61] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 266.584808][ T61] usb 7-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 266.587692][ T61] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 266.593006][ T61] usb 7-1: config 0 descriptor?? [ 266.811341][T11151] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 266.817279][T11151] FAULT_INJECTION: forcing a failure. [ 266.817279][T11151] name failslab, interval 1, probability 0, space 0, times 0 [ 266.821201][T11151] CPU: 1 UID: 0 PID: 11151 Comm: syz.3.1471 Not tainted syzkaller #0 PREEMPT(full) [ 266.821227][T11151] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 266.821234][T11151] Call Trace: [ 266.821238][T11151] [ 266.821242][T11151] dump_stack_lvl+0x16c/0x1f0 [ 266.821259][T11151] should_fail_ex+0x512/0x640 [ 266.821275][T11151] should_failslab+0xc2/0x120 [ 266.821289][T11151] __kvmalloc_node_noprof+0x137/0x620 [ 266.821300][T11151] ? finish_task_switch.isra.0+0x221/0xc10 [ 266.821312][T11151] ? simple_xattr_alloc+0x41/0xa0 [ 266.821326][T11151] ? rcu_is_watching+0x12/0xc0 [ 266.821337][T11151] ? simple_xattr_alloc+0x41/0xa0 [ 266.821350][T11151] simple_xattr_alloc+0x41/0xa0 [ 266.821363][T11151] simple_xattr_set+0x3d/0x3e0 [ 266.821377][T11151] shmem_xattr_handler_set+0x31b/0x3b0 [ 266.821393][T11151] ? __pfx_shmem_xattr_handler_set+0x10/0x10 [ 266.821407][T11151] __vfs_setxattr+0x175/0x1e0 [ 266.821418][T11151] ? __pfx___vfs_setxattr+0x10/0x10 [ 266.821428][T11151] ? apparmor_capable+0x114/0x1d0 [ 266.821441][T11151] __vfs_setxattr_noperm+0x127/0x660 [ 266.821453][T11151] __vfs_setxattr_locked+0x182/0x260 [ 266.821464][T11151] ? trace_contention_end+0xdd/0x130 [ 266.821479][T11151] vfs_setxattr+0x145/0x360 [ 266.821489][T11151] ? rcu_is_watching+0x12/0xc0 [ 266.821499][T11151] ? __pfx_vfs_setxattr+0x10/0x10 [ 266.821509][T11151] ? __pfx___mutex_lock+0x10/0x10 [ 266.821523][T11151] ? rcu_is_watching+0x12/0xc0 [ 266.821534][T11151] ovl_check_setxattr+0x181/0x320 [ 266.821551][T11151] ovl_set_impure+0x13e/0x1e0 [ 266.821566][T11151] ovl_copy_up_one+0x914/0x38e0 [ 266.821576][T11151] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 266.821588][T11151] ? is_bpf_text_address+0x94/0x1a0 [ 266.821601][T11151] ? kernel_text_address+0x8d/0x100 [ 266.821610][T11151] ? sched_clock+0x38/0x60 [ 266.821625][T11151] ? arch_stack_walk+0xa6/0x100 [ 266.821636][T11151] ? __pfx_ovl_copy_up_one+0x10/0x10 [ 266.821647][T11151] ? stack_trace_save+0x8e/0xc0 [ 266.821657][T11151] ? __pfx_stack_trace_save+0x10/0x10 [ 266.821669][T11151] ? stack_depot_save_flags+0x29/0x9c0 [ 266.821683][T11151] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 266.821707][T11151] ? rcu_is_watching+0x12/0xc0 [ 266.821717][T11151] ? lock_release+0x201/0x2f0 [ 266.821731][T11151] ovl_copy_up_flags+0x18d/0x200 [ 266.821741][T11151] ovl_rename+0x3dd/0x1710 [ 266.821755][T11151] ? bpf_lsm_inode_permission+0x9/0x10 [ 266.821769][T11151] ? security_inode_permission+0xbf/0x260 [ 266.821782][T11151] ? rcu_is_watching+0x12/0xc0 [ 266.821792][T11151] ? __pfx_ovl_rename+0x10/0x10 [ 266.821804][T11151] ? rcu_is_watching+0x12/0xc0 [ 266.821814][T11151] ? lock_release+0x201/0x2f0 [ 266.821826][T11151] ? rcu_is_watching+0x12/0xc0 [ 266.821836][T11151] ? do_raw_spin_lock+0x12c/0x2b0 [ 266.821852][T11151] ? vfs_rename+0x52a/0x22c0 [ 266.821860][T11151] ? rcu_is_watching+0x12/0xc0 [ 266.821870][T11151] ? lock_release+0x201/0x2f0 [ 266.821884][T11151] vfs_rename+0xfba/0x22c0 [ 266.821895][T11151] ? __pfx_vfs_rename+0x10/0x10 [ 266.821915][T11151] ? _raw_spin_unlock+0x28/0x50 [ 266.821929][T11151] ? security_path_rename+0x136/0x3c0 [ 266.821941][T11151] do_renameat2+0x7f9/0xc50 [ 266.821957][T11151] ? __pfx_do_renameat2+0x10/0x10 [ 266.821972][T11151] ? strncpy_from_user+0xa6/0x2e0 [ 266.821986][T11151] ? getname_flags.part.0+0x1c5/0x550 [ 266.822003][T11151] __ia32_sys_rename+0x7c/0xa0 [ 266.822016][T11151] __do_fast_syscall_32+0x7c/0x3a0 [ 266.822030][T11151] do_fast_syscall_32+0x32/0x80 [ 266.822043][T11151] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 266.822062][T11151] RIP: 0023:0xf7f34579 [ 266.822070][T11151] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 266.822081][T11151] RSP: 002b:00000000f541455c EFLAGS: 00000296 ORIG_RAX: 0000000000000026 [ 266.822092][T11151] RAX: ffffffffffffffda RBX: 0000000080000400 RCX: 0000000080000f00 [ 266.822098][T11151] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 266.822104][T11151] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 266.822110][T11151] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 266.822116][T11151] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 266.822124][T11151] [ 266.954709][ C1] vkms_vblank_simulate: vblank timer overrun [ 267.161286][T11158] wg1: entered promiscuous mode [ 267.305328][T11130] netlink: 164 bytes leftover after parsing attributes in process `syz.2.1465'. [ 267.306100][T11163] FAULT_INJECTION: forcing a failure. [ 267.306100][T11163] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 267.308355][T11130] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1465'. [ 267.312709][T11163] CPU: 2 UID: 0 PID: 11163 Comm: syz.0.1476 Not tainted syzkaller #0 PREEMPT(full) [ 267.312726][T11163] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 267.312750][T11163] Call Trace: [ 267.312756][T11163] [ 267.312762][T11163] dump_stack_lvl+0x16c/0x1f0 [ 267.312786][T11163] should_fail_ex+0x512/0x640 [ 267.312809][T11163] _copy_to_user+0x32/0xd0 [ 267.312819][T11163] generic_map_lookup_batch+0x5b2/0xb40 [ 267.312837][T11163] ? __pfx_generic_map_lookup_batch+0x10/0x10 [ 267.312852][T11163] ? __might_fault+0xb0/0x190 [ 267.312866][T11163] ? __pfx_generic_map_lookup_batch+0x10/0x10 [ 267.312880][T11163] bpf_map_do_batch+0x267/0x680 [ 267.312893][T11163] __sys_bpf+0x188d/0x4de0 [ 267.312915][T11163] ? lock_release+0x201/0x2f0 [ 267.312936][T11163] ? __pfx___sys_bpf+0x10/0x10 [ 267.312957][T11163] ? ksys_write+0x190/0x250 [ 267.312970][T11163] ? rcu_is_watching+0x12/0xc0 [ 267.312980][T11163] ? lock_release+0x201/0x2f0 [ 267.312993][T11163] ? __mutex_unlock_slowpath+0x161/0x7b0 [ 267.313011][T11163] ? fput+0x9b/0xd0 [ 267.313024][T11163] ? ksys_write+0x1ac/0x250 [ 267.313035][T11163] ? __pfx_ksys_write+0x10/0x10 [ 267.313048][T11163] __ia32_sys_bpf+0x76/0xe0 [ 267.313067][T11163] __do_fast_syscall_32+0x7c/0x3a0 [ 267.313082][T11163] do_fast_syscall_32+0x32/0x80 [ 267.313095][T11163] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 267.313108][T11163] RIP: 0023:0xf7f78579 [ 267.313116][T11163] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 267.313126][T11163] RSP: 002b:00000000f549655c EFLAGS: 00000296 ORIG_RAX: 0000000000000165 [ 267.313137][T11163] RAX: ffffffffffffffda RBX: 0000000000000018 RCX: 0000000080000240 [ 267.313144][T11163] RDX: 0000000000000038 RSI: 0000000000000000 RDI: 0000000000000000 [ 267.313149][T11163] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 267.313155][T11163] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 267.313161][T11163] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 267.313171][T11163] [ 267.398550][T11165] netlink: 'syz.0.1477': attribute type 1 has an invalid length. [ 267.440264][T11165] 8021q: adding VLAN 0 to HW filter on device bond6 [ 267.444192][T11165] bond5: (slave bond6): making interface the new active one [ 267.447474][T11165] bond5: (slave bond6): Enslaving as an active interface with an up link [ 267.480706][ T5976] Bluetooth: hci1: Received unexpected HCI Event 0x00 [ 267.518848][T11172] loop6: detected capacity change from 0 to 524287487 [ 267.523995][T11172] Buffer I/O error on dev loop6, logical block 0, async page read [ 267.528092][T11172] Buffer I/O error on dev loop6, logical block 0, async page read [ 267.533987][T11172] Buffer I/O error on dev loop6, logical block 0, async page read [ 267.537247][T11172] Buffer I/O error on dev loop6, logical block 0, async page read [ 267.540488][T11172] Buffer I/O error on dev loop6, logical block 0, async page read [ 267.545616][T11172] Buffer I/O error on dev loop6, logical block 0, async page read [ 267.549043][T11172] Buffer I/O error on dev loop6, logical block 0, async page read [ 267.554730][T11172] Buffer I/O error on dev loop6, logical block 0, async page read [ 267.558859][T11172] ldm_validate_partition_table(): Disk read failed. [ 267.562792][T11172] Buffer I/O error on dev loop6, logical block 0, async page read [ 267.565638][T11172] Buffer I/O error on dev loop6, logical block 0, async page read [ 267.568180][T11172] Dev loop6: unable to read RDB block 0 [ 267.570323][T11172] loop6: unable to read partition table [ 267.572878][T11172] loop_reread_partitions: partition scan of loop6 (3Ÿ ¾x³˜CÖ) failed (rc=-5) [ 267.582287][ T40] audit: type=1326 audit(1755817375.615:1993): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11171 comm="syz.0.1479" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f78579 code=0x7ffc0000 [ 267.601376][ T40] audit: type=1326 audit(1755817375.615:1994): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11171 comm="syz.0.1479" exe="/syz-executor" sig=0 arch=40000003 syscall=312 compat=1 ip=0xf7f78579 code=0x7ffc0000 [ 267.605927][ T61] usbhid 7-1:0.0: can't add hid device: -71 [ 267.610303][ T40] audit: type=1326 audit(1755817375.615:1995): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11171 comm="syz.0.1479" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f78579 code=0x7ffc0000 [ 267.613012][ T61] usbhid 7-1:0.0: probe with driver usbhid failed with error -71 [ 267.619512][ T61] usb 7-1: USB disconnect, device number 16 [ 267.636921][ T40] audit: type=1326 audit(1755817375.615:1996): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11171 comm="syz.0.1479" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f78579 code=0x7ffc0000 [ 267.645795][ T40] audit: type=1326 audit(1755817375.625:1997): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11171 comm="syz.0.1479" exe="/syz-executor" sig=0 arch=40000003 syscall=435 compat=1 ip=0xf7f78579 code=0x7ffc0000 [ 267.655008][ T40] audit: type=1326 audit(1755817375.655:1998): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11171 comm="syz.0.1479" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f78579 code=0x7ffc0000 [ 267.662903][ T40] audit: type=1326 audit(1755817375.665:1999): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11171 comm="syz.0.1479" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f78579 code=0x7ffc0000 [ 267.722838][T11173] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1479'. [ 267.909094][T11183] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1480'. [ 268.470031][T11201] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 269.238386][T11208] netlink: 'syz.2.1487': attribute type 13 has an invalid length. [ 269.241311][T11208] netlink: 'syz.2.1487': attribute type 17 has an invalid length. [ 269.248725][T11208] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 269.549308][T11225] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 269.792142][T11229] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 269.897057][T11236] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1498'. [ 270.115274][T11243] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1500'. [ 270.179638][T11249] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1503'. [ 270.829687][T11266] random: crng reseeded on system resumption [ 271.472093][T11273] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1508'. [ 271.481459][T11273] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1508'. [ 272.632967][T11296] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1517'. [ 272.644094][T11296] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1517'. [ 272.822876][T11301] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 272.955941][T11306] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1519'. [ 272.988624][T11308] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1520'. [ 273.663657][T11331] FAULT_INJECTION: forcing a failure. [ 273.663657][T11331] name failslab, interval 1, probability 0, space 0, times 0 [ 273.682609][T11331] CPU: 1 UID: 0 PID: 11331 Comm: syz.2.1529 Not tainted syzkaller #0 PREEMPT(full) [ 273.682626][T11331] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 273.682632][T11331] Call Trace: [ 273.682636][T11331] [ 273.682640][T11331] dump_stack_lvl+0x16c/0x1f0 [ 273.682657][T11331] should_fail_ex+0x512/0x640 [ 273.682674][T11331] should_failslab+0xc2/0x120 [ 273.682688][T11331] __kmalloc_cache_noprof+0x6a/0x3e0 [ 273.682699][T11331] ? __xa_alloc_cyclic+0x1f3/0x340 [ 273.682714][T11331] ? __xdp_reg_mem_model+0x134/0x680 [ 273.682730][T11331] __xdp_reg_mem_model+0x134/0x680 [ 273.682745][T11331] ? __pfx___xdp_reg_mem_model+0x10/0x10 [ 273.682760][T11331] ? page_pool_list+0x1ca/0x240 [ 273.682772][T11331] xdp_reg_mem_model+0x22/0x70 [ 273.682786][T11331] bpf_test_run_xdp_live+0x1c7/0x500 [ 273.682799][T11331] ? __pfx_bpf_test_run_xdp_live+0x10/0x10 [ 273.682812][T11331] ? schedule+0x2d7/0x3a0 [ 273.682824][T11331] ? __pfx_xdp_test_run_init_page+0x10/0x10 [ 273.682840][T11331] ? 0xffffffffa0206480 [ 273.682848][T11331] ? 0xffffffffa0206480 [ 273.682855][T11331] ? 0xffffffffa0206480 [ 273.682861][T11331] ? bpf_dispatcher_change_prog+0x54d/0xa80 [ 273.682875][T11331] bpf_prog_test_run_xdp+0x824/0x1590 [ 273.682889][T11331] ? lock_release+0x201/0x2f0 [ 273.682903][T11331] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 273.682916][T11331] ? __might_fault+0xb0/0x190 [ 273.682928][T11331] ? fput+0x9b/0xd0 [ 273.682942][T11331] ? __bpf_prog_get+0x97/0x2a0 [ 273.682955][T11331] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 273.682968][T11331] __sys_bpf+0x1050/0x4de0 [ 273.682982][T11331] ? lock_release+0x201/0x2f0 [ 273.682995][T11331] ? __pfx___sys_bpf+0x10/0x10 [ 273.683009][T11331] ? ksys_write+0x190/0x250 [ 273.683020][T11331] ? rcu_is_watching+0x12/0xc0 [ 273.683031][T11331] ? lock_release+0x201/0x2f0 [ 273.683044][T11331] ? __mutex_unlock_slowpath+0x161/0x7b0 [ 273.683065][T11331] ? fput+0x9b/0xd0 [ 273.683078][T11331] ? ksys_write+0x1ac/0x250 [ 273.683089][T11331] ? __pfx_ksys_write+0x10/0x10 [ 273.683102][T11331] __ia32_sys_bpf+0x76/0xe0 [ 273.683117][T11331] __do_fast_syscall_32+0x7c/0x3a0 [ 273.683131][T11331] do_fast_syscall_32+0x32/0x80 [ 273.683145][T11331] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 273.683158][T11331] RIP: 0023:0xf7f17579 [ 273.683166][T11331] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 273.683177][T11331] RSP: 002b:00000000f543655c EFLAGS: 00000296 ORIG_RAX: 0000000000000165 [ 273.683187][T11331] RAX: ffffffffffffffda RBX: 000000000000000a RCX: 0000000080000600 [ 273.683193][T11331] RDX: 0000000000000048 RSI: 0000000000000000 RDI: 0000000000000000 [ 273.683199][T11331] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 273.683205][T11331] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 273.683211][T11331] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 273.683220][T11331] [ 275.303886][T11377] FAULT_INJECTION: forcing a failure. [ 275.303886][T11377] name failslab, interval 1, probability 0, space 0, times 0 [ 275.308356][T11377] CPU: 3 UID: 0 PID: 11377 Comm: syz.2.1545 Not tainted syzkaller #0 PREEMPT(full) [ 275.308373][T11377] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 275.308380][T11377] Call Trace: [ 275.308384][T11377] [ 275.308388][T11377] dump_stack_lvl+0x16c/0x1f0 [ 275.308405][T11377] should_fail_ex+0x512/0x640 [ 275.308422][T11377] should_failslab+0xc2/0x120 [ 275.308436][T11377] __kmalloc_cache_noprof+0x6a/0x3e0 [ 275.308447][T11377] ? sctp_add_bind_addr+0xae/0x3f0 [ 275.308459][T11377] sctp_add_bind_addr+0xae/0x3f0 [ 275.308470][T11377] sctp_copy_local_addr_list+0x349/0x550 [ 275.308484][T11377] ? __pfx_sctp_copy_local_addr_list+0x10/0x10 [ 275.308496][T11377] ? sctp_auth_asoc_copy_shkeys+0x2a5/0x360 [ 275.308509][T11377] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 275.308525][T11377] sctp_bind_addr_copy+0xe0/0x530 [ 275.308537][T11377] sctp_connect_new_asoc+0x1c9/0x770 [ 275.308552][T11377] ? __pfx_sctp_connect_new_asoc+0x10/0x10 [ 275.308566][T11377] ? rcu_is_watching+0x12/0xc0 [ 275.308577][T11377] ? sctp_sendmsg+0xd3c/0x1e10 [ 275.308590][T11377] ? rcu_is_watching+0x12/0xc0 [ 275.308600][T11377] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 275.308615][T11377] sctp_sendmsg+0x1560/0x1e10 [ 275.308631][T11377] ? __pfx_sctp_sendmsg+0x10/0x10 [ 275.308645][T11377] ? __pfx___might_resched+0x10/0x10 [ 275.308657][T11377] ? aa_sk_perm+0x2f4/0xb10 [ 275.308671][T11377] ? __pfx_aa_sk_perm+0x10/0x10 [ 275.308685][T11377] ? __pfx_sctp_sendmsg+0x10/0x10 [ 275.308699][T11377] inet_sendmsg+0x11c/0x140 [ 275.308710][T11377] __sys_sendto+0x43c/0x520 [ 275.308723][T11377] ? __pfx___sys_sendto+0x10/0x10 [ 275.308740][T11377] ? ksys_write+0x1ac/0x250 [ 275.308751][T11377] ? __pfx_ksys_write+0x10/0x10 [ 275.308763][T11377] __ia32_sys_sendto+0xdd/0x1b0 [ 275.308774][T11377] ? trace_irq_enable.constprop.0+0xd4/0x120 [ 275.308790][T11377] ? syscall_enter_from_user_mode_prepare+0x68/0xe0 [ 275.308804][T11377] __do_fast_syscall_32+0x7c/0x3a0 [ 275.308819][T11377] do_fast_syscall_32+0x32/0x80 [ 275.308832][T11377] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 275.308845][T11377] RIP: 0023:0xf7f17579 [ 275.308853][T11377] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 275.308863][T11377] RSP: 002b:00000000f543655c EFLAGS: 00000296 ORIG_RAX: 0000000000000171 [ 275.308874][T11377] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080847fff [ 275.308881][T11377] RDX: 0000000000034000 RSI: 00000000000000e0 RDI: 000000008005ffe4 [ 275.308887][T11377] RBP: 000000000000001c R08: 0000000000000000 R09: 0000000000000000 [ 275.308893][T11377] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 275.308899][T11377] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 275.308908][T11377] [ 276.322657][T11392] netlink: 'syz.2.1548': attribute type 1 has an invalid length. [ 276.327604][T11392] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1548'. [ 276.542090][ T5976] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci3/hci3:201' [ 276.545587][ T5976] CPU: 2 UID: 0 PID: 5976 Comm: kworker/u33:3 Not tainted syzkaller #0 PREEMPT(full) [ 276.545612][ T5976] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 276.545625][ T5976] Workqueue: hci3 hci_rx_work [ 276.545650][ T5976] Call Trace: [ 276.545658][ T5976] [ 276.545666][ T5976] dump_stack_lvl+0x16c/0x1f0 [ 276.545690][ T5976] sysfs_warn_dup+0x7f/0xa0 [ 276.545712][ T5976] sysfs_create_dir_ns+0x24b/0x2b0 [ 276.545734][ T5976] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 276.545753][ T5976] ? kobject_add_internal+0x25b/0x9b0 [ 276.545769][ T5976] ? lock_release+0x201/0x2f0 [ 276.545783][ T5976] ? do_raw_spin_unlock+0x172/0x230 [ 276.545801][ T5976] kobject_add_internal+0x2c4/0x9b0 [ 276.545817][ T5976] kobject_add+0x16e/0x240 [ 276.545832][ T5976] ? __pfx_kobject_add+0x10/0x10 [ 276.545847][ T5976] ? lock_release+0x201/0x2f0 [ 276.545860][ T5976] ? do_raw_spin_unlock+0x172/0x230 [ 276.545875][ T5976] ? kobject_put+0xab/0x5a0 [ 276.545890][ T5976] device_add+0x288/0x1aa0 [ 276.545900][ T5976] ? __pfx_dev_set_name+0x10/0x10 [ 276.545911][ T5976] ? __pfx_device_add+0x10/0x10 [ 276.545920][ T5976] ? mgmt_send_event_skb+0x2fb/0x460 [ 276.545932][ T5976] hci_conn_add_sysfs+0x17e/0x230 [ 276.545945][ T5976] le_conn_complete_evt+0x1075/0x1d70 [ 276.545956][ T5976] ? __pfx___might_resched+0x10/0x10 [ 276.545968][ T5976] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 276.545978][ T5976] ? rcu_is_watching+0x12/0xc0 [ 276.545988][ T5976] ? lock_release+0x201/0x2f0 [ 276.546002][ T5976] hci_le_conn_complete_evt+0x23c/0x370 [ 276.546015][ T5976] hci_le_meta_evt+0x354/0x5e0 [ 276.546026][ T5976] ? __pfx_hci_le_conn_complete_evt+0x10/0x10 [ 276.546040][ T5976] hci_event_packet+0x685/0x11c0 [ 276.546050][ T5976] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 276.546062][ T5976] ? __pfx_hci_event_packet+0x10/0x10 [ 276.546072][ T5976] ? kcov_remote_start+0x36a/0x6d0 [ 276.546086][ T5976] ? rcu_watching_snap_stopped_since+0x100/0x110 [ 276.546098][ T5976] ? rcu_is_watching+0x12/0xc0 [ 276.546110][ T5976] hci_rx_work+0x2c5/0x16b0 [ 276.546122][ T5976] ? rcu_is_watching+0x12/0xc0 [ 276.546134][ T5976] process_one_work+0x9cf/0x1b70 [ 276.546160][ T5976] ? __pfx_rxrpc_peer_keepalive_worker+0x10/0x10 [ 276.546188][ T5976] ? __pfx_process_one_work+0x10/0x10 [ 276.546219][ T5976] ? assign_work+0x1a0/0x250 [ 276.546245][ T5976] worker_thread+0x6c8/0xf10 [ 276.546263][ T5976] ? __pfx_worker_thread+0x10/0x10 [ 276.546273][ T5976] kthread+0x3c5/0x780 [ 276.546293][ T5976] ? __pfx_kthread+0x10/0x10 [ 276.546308][ T5976] ? ret_from_fork+0x25/0x6f0 [ 276.546326][ T5976] ? rcu_is_watching+0x12/0xc0 [ 276.546337][ T5976] ? rcu_is_watching+0x12/0xc0 [ 276.546347][ T5976] ? __pfx_kthread+0x10/0x10 [ 276.546363][ T5976] ret_from_fork+0x5d4/0x6f0 [ 276.546379][ T5976] ? __pfx_kthread+0x10/0x10 [ 276.546394][ T5976] ret_from_fork_asm+0x1a/0x30 [ 276.546412][ T5976] [ 276.546424][ T5976] kobject: kobject_add_internal failed for hci3:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 276.567244][ T59] usb 7-1: new high-speed USB device number 17 using dummy_hcd [ 276.567707][ T5976] Bluetooth: hci3: failed to register connection device [ 276.727143][ T59] usb 7-1: Using ep0 maxpacket: 8 [ 276.730267][ T59] usb 7-1: config 168 descriptor has 1 excess byte, ignoring [ 276.733161][ T59] usb 7-1: too many endpoints for config 168 interface 0 altsetting 188: 100, using maximum allowed: 30 [ 276.736489][ T59] usb 7-1: config 168 interface 0 altsetting 188 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 276.740770][ T59] usb 7-1: config 168 interface 0 altsetting 188 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 276.744932][ T59] usb 7-1: config 168 interface 0 altsetting 188 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 276.748655][ T59] usb 7-1: config 168 interface 0 altsetting 188 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 276.752120][ T59] usb 7-1: config 168 interface 0 altsetting 188 has 2 endpoint descriptors, different from the interface descriptor's value: 100 [ 276.756413][ T59] usb 7-1: config 168 interface 0 has no altsetting 0 [ 276.759788][ T59] usb 7-1: config 168 descriptor has 1 excess byte, ignoring [ 276.762083][ T59] usb 7-1: too many endpoints for config 168 interface 0 altsetting 188: 100, using maximum allowed: 30 [ 276.765534][ T59] usb 7-1: config 168 interface 0 altsetting 188 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 276.770076][ T59] usb 7-1: config 168 interface 0 altsetting 188 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 276.774016][ T59] usb 7-1: config 168 interface 0 altsetting 188 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 276.778007][ T59] usb 7-1: config 168 interface 0 altsetting 188 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 276.781587][ T59] usb 7-1: config 168 interface 0 altsetting 188 has 2 endpoint descriptors, different from the interface descriptor's value: 100 [ 276.785546][ T59] usb 7-1: config 168 interface 0 has no altsetting 0 [ 276.788548][ T59] usb 7-1: config 168 descriptor has 1 excess byte, ignoring [ 276.790801][ T59] usb 7-1: too many endpoints for config 168 interface 0 altsetting 188: 100, using maximum allowed: 30 [ 276.794190][ T59] usb 7-1: config 168 interface 0 altsetting 188 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 276.798209][ T59] usb 7-1: config 168 interface 0 altsetting 188 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 276.801740][ T59] usb 7-1: config 168 interface 0 altsetting 188 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 276.805291][ T59] usb 7-1: config 168 interface 0 altsetting 188 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 276.809058][ T59] usb 7-1: config 168 interface 0 altsetting 188 has 2 endpoint descriptors, different from the interface descriptor's value: 100 [ 276.813298][ T59] usb 7-1: config 168 interface 0 has no altsetting 0 [ 276.818689][ T59] usb 7-1: string descriptor 0 read error: -22 [ 276.820768][ T59] usb 7-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 276.823628][ T59] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 276.828766][ T59] adutux 7-1:168.0: ADU100 now attached to /dev/usb/adutux0 [ 277.147084][ T59] usb 7-1: USB disconnect, device number 17 [ 277.278613][T11405] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1551'. [ 277.281515][T11405] lo: left allmulticast mode [ 277.283627][T11405] tunl0: left allmulticast mode [ 277.285558][T11405] gre0: left allmulticast mode [ 277.288218][T11405] gretap0: left allmulticast mode [ 277.290388][T11405] erspan0: left allmulticast mode [ 277.292422][T11405] ip_vti0: left allmulticast mode [ 277.294367][T11405] ip6_vti0: left allmulticast mode [ 277.296393][T11405] sit0: left allmulticast mode [ 277.299514][T11405] ip6tnl0: left allmulticast mode [ 277.301482][T11405] ip6gre0: left allmulticast mode [ 277.303471][T11405] syz_tun: left allmulticast mode [ 277.305591][T11405] ip6gretap0: left allmulticast mode [ 277.307774][T11405] vcan0: left allmulticast mode [ 277.309704][T11405] 8021q: adding VLAN 0 to HW filter on device bond0 [ 277.312003][T11405] team0: left allmulticast mode [ 277.313693][T11405] 8021q: adding VLAN 0 to HW filter on device team0 [ 277.315888][T11405] tipc: Resetting bearer [ 277.317713][T11405] tipc: Resetting bearer [ 277.319442][T11405] dummy0: left allmulticast mode [ 277.321515][T11405] nlmon0: left allmulticast mode [ 277.323563][T11405] caif0: left allmulticast mode [ 277.325057][T11405] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 277.330526][ T6027] lo speed is unknown, defaulting to 1000 [ 277.332363][ T6027] syz0: Port: 1 Link ACTIVE [ 277.938715][T11426] syzkaller1: entered promiscuous mode [ 277.940730][T11426] syzkaller1: entered allmulticast mode [ 277.946925][T11426] netlink: 'syz.2.1556': attribute type 1 has an invalid length. [ 277.958699][T11426] bond4: entered promiscuous mode [ 277.960668][T11426] 8021q: adding VLAN 0 to HW filter on device bond4 [ 278.089594][ T1148] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 278.092073][ T1148] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 278.603311][T11438] lo speed is unknown, defaulting to 1000 [ 278.648076][T11438] lo speed is unknown, defaulting to 1000 [ 278.670249][T11445] evm: overlay not supported [ 278.962245][ T40] kauditd_printk_skb: 6 callbacks suppressed [ 278.962256][ T40] audit: type=1326 audit(1755817386.990:2006): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11454 comm="syz.1.1565" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f35579 code=0x7ffc0000 [ 278.984617][T11467] netlink: 'syz.0.1566': attribute type 1 has an invalid length. [ 278.994144][ T40] audit: type=1326 audit(1755817386.990:2007): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11454 comm="syz.1.1565" exe="/syz-executor" sig=0 arch=40000003 syscall=351 compat=1 ip=0xf7f35579 code=0x7ffc0000 [ 279.006405][ T40] audit: type=1326 audit(1755817386.990:2008): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11454 comm="syz.1.1565" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f35579 code=0x7ffc0000 [ 279.014714][ T40] audit: type=1326 audit(1755817386.990:2009): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11454 comm="syz.1.1565" exe="/syz-executor" sig=0 arch=40000003 syscall=370 compat=1 ip=0xf7f35579 code=0x7ffc0000 [ 279.024582][T11467] bond7: entered promiscuous mode [ 279.028992][T11467] 8021q: adding VLAN 0 to HW filter on device bond7 [ 279.038155][ T40] audit: type=1326 audit(1755817386.990:2010): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11454 comm="syz.1.1565" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f35579 code=0x7ffc0000 [ 279.046709][ T40] audit: type=1326 audit(1755817386.990:2011): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11454 comm="syz.1.1565" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f35579 code=0x7ffc0000 [ 279.055315][ T40] audit: type=1326 audit(1755817386.990:2012): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11454 comm="syz.1.1565" exe="/syz-executor" sig=0 arch=40000003 syscall=4 compat=1 ip=0xf7f35579 code=0x7ffc0000 [ 279.066873][ T40] audit: type=1326 audit(1755817386.990:2013): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11454 comm="syz.1.1565" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f35579 code=0x7ffc0000 [ 279.073684][ T40] audit: type=1326 audit(1755817386.990:2014): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11454 comm="syz.1.1565" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f35579 code=0x7ffc0000 [ 279.084358][ T40] audit: type=1326 audit(1755817386.990:2015): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11454 comm="syz.1.1565" exe="/syz-executor" sig=0 arch=40000003 syscall=4 compat=1 ip=0xf7f35579 code=0x7ffc0000 [ 279.125996][ T59] usb 8-1: new high-speed USB device number 16 using dummy_hcd [ 279.183827][T11472] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1569'. [ 279.295848][ T59] usb 8-1: Using ep0 maxpacket: 8 [ 279.299229][ T59] usb 8-1: config 0 has no interfaces? [ 279.301829][ T59] usb 8-1: New USB device found, idVendor=06cb, idProduct=0003, bcdDevice=e8.00 [ 279.304747][ T59] usb 8-1: New USB device strings: Mfr=22, Product=0, SerialNumber=0 [ 279.307639][ T59] usb 8-1: Manufacturer: syz [ 279.310802][ T59] usb 8-1: config 0 descriptor?? [ 279.514426][ T59] usb 8-1: USB disconnect, device number 16 [ 280.047749][T11489] delete_channel: no stack [ 280.058181][T11488] delete_channel: no stack [ 280.117468][T11491] comedi comedi3: comedi_config --init_data is deprecated [ 280.224098][T11497] overlayfs: "xino" feature enabled using 2 upper inode bits. [ 280.235153][T11497] input: syz1 as /devices/virtual/input/input30 [ 280.293964][T11502] input: syz1 as /devices/virtual/input/input31 [ 280.300121][T11502] FAULT_INJECTION: forcing a failure. [ 280.300121][T11502] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 280.304589][T11502] CPU: 0 UID: 0 PID: 11502 Comm: syz.2.1580 Not tainted syzkaller #0 PREEMPT(full) [ 280.304613][T11502] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 280.304622][T11502] Call Trace: [ 280.304636][T11502] [ 280.304640][T11502] dump_stack_lvl+0x16c/0x1f0 [ 280.304658][T11502] should_fail_ex+0x512/0x640 [ 280.304674][T11502] _copy_from_user+0x2e/0xd0 [ 280.304690][T11502] input_event_from_user+0x137/0x290 [ 280.304702][T11502] ? __pfx_input_event_from_user+0x10/0x10 [ 280.304713][T11502] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 280.304724][T11502] ? input_event+0xb6/0xd0 [ 280.304734][T11502] uinput_write+0xbe7/0xff0 [ 280.304748][T11502] ? __pfx_uinput_write+0x10/0x10 [ 280.304759][T11502] ? common_file_perm+0x1a9/0x340 [ 280.304773][T11502] ? bpf_lsm_file_permission+0x9/0x10 [ 280.304788][T11502] ? security_file_permission+0x71/0x210 [ 280.304804][T11502] ? rw_verify_area+0xcf/0x6c0 [ 280.304815][T11502] ? __pfx_uinput_write+0x10/0x10 [ 280.304826][T11502] vfs_write+0x29d/0x11d0 [ 280.304839][T11502] ? __pfx_vfs_write+0x10/0x10 [ 280.304850][T11502] ? __fget_files+0x204/0x3c0 [ 280.304860][T11502] ? rcu_is_watching+0x12/0xc0 [ 280.304871][T11502] ? lock_release+0x201/0x2f0 [ 280.304885][T11502] ? __fget_files+0x20e/0x3c0 [ 280.304897][T11502] ksys_write+0x1f8/0x250 [ 280.304908][T11502] ? __pfx_ksys_write+0x10/0x10 [ 280.304920][T11502] ? rcu_is_watching+0x12/0xc0 [ 280.304931][T11502] __do_fast_syscall_32+0x7c/0x3a0 [ 280.304945][T11502] do_fast_syscall_32+0x32/0x80 [ 280.304958][T11502] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 280.304971][T11502] RIP: 0023:0xf7f17579 [ 280.304979][T11502] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 280.304990][T11502] RSP: 002b:00000000f543655c EFLAGS: 00000296 ORIG_RAX: 0000000000000004 [ 280.305001][T11502] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000900 [ 280.305008][T11502] RDX: 000000000000045c RSI: 0000000000000000 RDI: 0000000000000000 [ 280.305013][T11502] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 280.305019][T11502] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 280.305025][T11502] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 280.305035][T11502] [ 280.492801][T11509] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 280.686391][T11520] netlink: 'syz.1.1587': attribute type 21 has an invalid length. [ 281.107529][T11532] FAULT_INJECTION: forcing a failure. [ 281.107529][T11532] name failslab, interval 1, probability 0, space 0, times 0 [ 281.111480][T11532] CPU: 3 UID: 0 PID: 11532 Comm: syz.2.1591 Not tainted syzkaller #0 PREEMPT(full) [ 281.111497][T11532] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 281.111503][T11532] Call Trace: [ 281.111508][T11532] [ 281.111512][T11532] dump_stack_lvl+0x16c/0x1f0 [ 281.111529][T11532] should_fail_ex+0x512/0x640 [ 281.111545][T11532] ? tomoyo_realpath_from_path+0xc2/0x6e0 [ 281.111561][T11532] should_failslab+0xc2/0x120 [ 281.111575][T11532] __kmalloc_noprof+0xd2/0x510 [ 281.111588][T11532] tomoyo_realpath_from_path+0xc2/0x6e0 [ 281.111603][T11532] ? tomoyo_profile+0x47/0x60 [ 281.111613][T11532] tomoyo_path_number_perm+0x245/0x580 [ 281.111625][T11532] ? tomoyo_path_number_perm+0x237/0x580 [ 281.111637][T11532] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 281.111652][T11532] ? preempt_count_add+0x76/0x150 [ 281.111670][T11532] ? rcu_is_watching+0x12/0xc0 [ 281.111681][T11532] ? __fget_files+0x204/0x3c0 [ 281.111692][T11532] ? hook_file_ioctl_common+0x145/0x410 [ 281.111728][T11532] ? lock_release+0x201/0x2f0 [ 281.111746][T11532] ? __fget_files+0x20e/0x3c0 [ 281.111757][T11532] security_file_ioctl_compat+0x9b/0x240 [ 281.111771][T11532] __ia32_compat_sys_ioctl+0xc3/0x370 [ 281.111788][T11532] __do_fast_syscall_32+0x7c/0x3a0 [ 281.111803][T11532] do_fast_syscall_32+0x32/0x80 [ 281.111816][T11532] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 281.111829][T11532] RIP: 0023:0xf7f17579 [ 281.111838][T11532] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 281.111848][T11532] RSP: 002b:00000000f543655c EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 281.111859][T11532] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000c0845657 [ 281.111865][T11532] RDX: 0000000080000200 RSI: 0000000000000000 RDI: 0000000000000000 [ 281.111871][T11532] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 281.111877][T11532] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 281.111883][T11532] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 281.111893][T11532] [ 281.111897][T11532] ERROR: Out of memory at tomoyo_realpath_from_path. [ 281.653815][T11538] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 281.878405][T11552] syz.0.1595 (11552): drop_caches: 2 [ 281.880726][T11552] syz.0.1595 (11552): drop_caches: 2 [ 282.120670][T11562] bridge0: port 1(bridge_slave_0) entered disabled state [ 282.125719][T11562] bridge0: port 2(bridge_slave_1) entered disabled state [ 282.288099][T11573] lo: entered allmulticast mode [ 282.289956][T11573] tunl0: entered allmulticast mode [ 282.294714][T11573] gre0: entered allmulticast mode [ 282.301167][T11573] gretap0: entered allmulticast mode [ 282.309475][T11573] erspan0: entered allmulticast mode [ 282.312195][T11574] overlayfs: failed to clone lowerpath [ 282.313775][T11573] ip_vti0: entered allmulticast mode [ 282.316669][T11574] overlayfs: failed to clone upperpath [ 282.326892][T11573] ip6_vti0: entered allmulticast mode [ 282.330207][T11573] sit0: entered allmulticast mode [ 282.332971][T11573] ip6tnl0: entered allmulticast mode [ 282.344108][T11573] ip6gre0: entered allmulticast mode [ 282.349915][T11573] syz_tun: entered allmulticast mode [ 282.355677][T11573] ip6gretap0: entered allmulticast mode [ 282.359758][T11573] bridge0: entered allmulticast mode [ 282.365819][T11573] vcan0: entered allmulticast mode [ 282.369517][T11573] bond0: entered allmulticast mode [ 282.371275][T11573] bond_slave_0: entered allmulticast mode [ 282.373169][T11573] bond_slave_1: entered allmulticast mode [ 282.378918][T11573] team0: entered allmulticast mode [ 282.380654][T11573] team_slave_0: entered allmulticast mode [ 282.382548][T11573] team_slave_1: entered allmulticast mode [ 282.387105][T11573] dummy0: entered allmulticast mode [ 282.393534][T11573] nlmon0: entered allmulticast mode [ 282.396343][T11573] caif0: entered allmulticast mode [ 282.398940][T11573] batadv0: entered allmulticast mode [ 282.404066][T11573] vxcan0: entered allmulticast mode [ 282.407897][T11573] vxcan1: entered allmulticast mode [ 282.410553][T11573] veth0: entered allmulticast mode [ 282.419159][T11573] wg0: entered allmulticast mode [ 282.423976][T11573] wg1: entered allmulticast mode [ 282.428911][T11573] wg2: entered allmulticast mode [ 282.431393][T11573] veth0_to_bridge: entered allmulticast mode [ 282.438435][T11573] veth1_to_bridge: entered allmulticast mode [ 282.445830][T11573] veth0_to_bond: entered allmulticast mode [ 282.450533][T11573] veth1_to_bond: entered allmulticast mode [ 282.456594][T11573] veth0_to_team: entered allmulticast mode [ 282.464154][T11573] veth1_to_team: entered allmulticast mode [ 282.469461][T11573] veth0_to_batadv: entered allmulticast mode [ 282.474877][T11573] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 282.477297][T11573] batadv_slave_0: entered allmulticast mode [ 282.479988][T11573] veth1_to_batadv: entered allmulticast mode [ 282.485919][T11573] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 282.489070][T11573] batadv_slave_1: entered allmulticast mode [ 282.492400][T11573] xfrm0: entered allmulticast mode [ 282.495306][T11573] veth1_to_hsr: entered allmulticast mode [ 282.502610][T11573] hsr_slave_1: entered allmulticast mode [ 282.505754][T11573] hsr0: entered allmulticast mode [ 282.508139][T11573] veth1_virt_wifi: entered allmulticast mode [ 282.512311][T11573] veth0_virt_wifi: entered allmulticast mode [ 282.519036][T11573] net veth1_virt_wifi virt_wifi0: entered allmulticast mode [ 282.521507][T11573] veth1_vlan: entered allmulticast mode [ 282.524893][T11573] veth0_vlan: entered allmulticast mode [ 282.528644][T11573] vlan0: entered allmulticast mode [ 282.530223][T11573] vlan1: entered allmulticast mode [ 282.535227][T11573] macvlan0: entered allmulticast mode [ 282.543490][T11573] macvlan1: entered allmulticast mode [ 282.546728][T11573] ipvlan0: entered allmulticast mode [ 282.548431][T11573] ipvlan1: entered allmulticast mode [ 282.550159][T11573] veth1_macvtap: entered allmulticast mode [ 282.554286][T11573] veth0_macvtap: entered allmulticast mode [ 282.562881][T11573] macvtap0: entered allmulticast mode [ 282.565430][T11573] macsec0: entered allmulticast mode [ 282.569939][T11573] geneve0: entered allmulticast mode [ 282.575408][T11573] geneve1: entered allmulticast mode [ 282.590650][T11573] netdevsim netdevsim2 netdevsim0: entered allmulticast mode [ 282.597090][T11573] netdevsim netdevsim2 netdevsim1: entered allmulticast mode [ 282.616197][T11573] netdevsim netdevsim2 netdevsim2: entered allmulticast mode [ 282.622162][T11573] netdevsim netdevsim2 netdevsim3: entered allmulticast mode [ 282.639416][T11573] mac80211_hwsim hwsim2 wlan0: entered allmulticast mode [ 282.643777][T11573] mac80211_hwsim hwsim3 wlan1: entered allmulticast mode [ 282.646443][T11573] erspan0.1: entered allmulticast mode [ 282.649008][T11573] vlan0.1: entered allmulticast mode [ 282.651488][T11573] mac80211_hwsim hwsim12 wlan2: entered allmulticast mode [ 282.653866][T11573] bond1: entered allmulticast mode [ 282.655952][T11573] mac80211_hwsim hwsim13 wlan3: entered allmulticast mode [ 282.658781][T11573] bond2: left promiscuous mode [ 282.660858][T11573] bond2: entered allmulticast mode [ 282.664777][T11573] macsec1: entered allmulticast mode [ 282.668330][T11573] bridge1: left promiscuous mode [ 282.670395][T11573] bridge1: entered allmulticast mode [ 282.675570][T11573] vxlan0: entered allmulticast mode [ 282.679349][T11573] bond3: entered allmulticast mode [ 282.682564][T11573] bond4: left promiscuous mode [ 282.684976][T11573] bond4: entered allmulticast mode [ 282.687930][T11573] bridge0.257: entered allmulticast mode [ 282.689707][T11573] mac80211_hwsim hwsim16 wlan4: entered allmulticast mode [ 282.691977][ T92] netdevsim netdevsim2 netdevsim0: unset [0, 0] type 1 family 0 port 8472 - 0 [ 282.694601][ T92] netdevsim netdevsim2 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 282.698373][ T92] netdevsim netdevsim2 netdevsim1: unset [0, 0] type 1 family 0 port 8472 - 0 [ 282.701999][ T92] netdevsim netdevsim2 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 282.706898][ T92] netdevsim netdevsim2 netdevsim2: unset [0, 0] type 1 family 0 port 8472 - 0 [ 282.710781][ T92] netdevsim netdevsim2 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 282.714699][ T92] netdevsim netdevsim2 netdevsim3: unset [0, 0] type 1 family 0 port 8472 - 0 [ 282.718333][ T92] netdevsim netdevsim2 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 282.884273][T11587] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 283.338441][T11593] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 283.343287][T11593] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 283.345906][T11593] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 283.612977][T11600] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(8) [ 283.615806][T11600] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 283.620407][T11600] vhci_hcd vhci_hcd.0: Device attached [ 283.729614][T11608] overlayfs: failed to clone lowerpath [ 283.742536][T11608] overlayfs: failed to clone upperpath [ 283.963521][ T1327] usb 38-1: SetAddress Request (6) to port 0 [ 283.966095][ T1327] usb 38-1: new SuperSpeed USB device number 6 using vhci_hcd [ 284.100435][T11606] vhci_hcd: connection reset by peer [ 284.102249][ T12] vhci_hcd: stop threads [ 284.103624][ T12] vhci_hcd: release socket [ 284.105033][ T12] vhci_hcd: disconnect device [ 284.603218][T11575] BUG: sleeping function called from invalid context at mm/vmalloc.c:3409 [ 284.606194][T11575] in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 11575, name: syz.3.1606 [ 284.610925][T11575] preempt_count: 1, expected: 0 [ 284.612912][T11575] RCU nest depth: 0, expected: 0 [ 284.614539][T11575] INFO: lockdep is turned off. [ 284.616015][T11575] Preemption disabled at: [ 284.616021][T11575] [] schedule+0xe0/0x3a0 [ 284.619416][T11575] CPU: 1 UID: 0 PID: 11575 Comm: syz.3.1606 Not tainted syzkaller #0 PREEMPT(full) [ 284.619441][T11575] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 284.619454][T11575] Call Trace: [ 284.619460][T11575] [ 284.619467][T11575] dump_stack_lvl+0x16c/0x1f0 [ 284.619491][T11575] __might_resched+0x3c0/0x5e0 [ 284.619509][T11575] ? __pfx___might_resched+0x10/0x10 [ 284.619525][T11575] ? pcpu_block_update+0x562/0x660 [ 284.619551][T11575] ? pcpu_chunk_relocate+0x126/0x190 [ 284.619569][T11575] vfree+0x75/0xb50 [ 284.619595][T11575] ? rcu_is_watching+0x12/0xc0 [ 284.619613][T11575] ? kfree+0x24f/0x4d0 [ 284.619628][T11575] ? free_percpu+0x6db/0x13c0 [ 284.619648][T11575] futex_hash_free+0x98/0xc0 [ 284.619691][T11575] __mmdrop+0x33f/0x580 [ 284.619713][T11575] ? rcu_is_watching+0x12/0xc0 [ 284.619731][T11575] finish_task_switch.isra.0+0x7a4/0xc10 [ 284.619750][T11575] ? __switch_to+0x7a5/0x11a0 [ 284.619771][T11575] __schedule+0x1198/0x5de0 [ 284.619789][T11575] ? __pfx_debug_object_activate+0x10/0x10 [ 284.619817][T11575] ? __pfx___schedule+0x10/0x10 [ 284.619839][T11575] ? schedule+0x2d7/0x3a0 [ 284.619856][T11575] ? rcu_is_watching+0x12/0xc0 [ 284.619873][T11575] ? lock_release+0x201/0x2f0 [ 284.619897][T11575] schedule+0xe7/0x3a0 [ 284.619915][T11575] schedule_timeout+0x123/0x290 [ 284.619931][T11575] ? __pfx_schedule_timeout+0x10/0x10 [ 284.619948][T11575] ? __pfx_process_timeout+0x10/0x10 [ 284.619968][T11575] ? rcu_is_watching+0x12/0xc0 [ 284.619985][T11575] ? rcu_is_watching+0x12/0xc0 [ 284.620004][T11575] snd_pcm_drain+0x7a3/0xd70 [ 284.620024][T11575] ? __pfx_snd_pcm_drain+0x10/0x10 [ 284.620042][T11575] ? __pfx_default_wake_function+0x10/0x10 [ 284.620063][T11575] snd_pcm_kernel_ioctl+0xca/0x2e0 [ 284.620083][T11575] snd_pcm_oss_sync+0x113/0x840 [ 284.620101][T11575] ? __pfx_snd_pcm_oss_release+0x10/0x10 [ 284.620117][T11575] snd_pcm_oss_release+0x28b/0x310 [ 284.620134][T11575] ? __pfx_snd_pcm_oss_release+0x10/0x10 [ 284.620150][T11575] __fput+0x3ff/0xb70 [ 284.620182][T11575] task_work_run+0x14d/0x240 [ 284.620210][T11575] ? __pfx_task_work_run+0x10/0x10 [ 284.620237][T11575] ? __pfx___do_sys_close_range+0x10/0x10 [ 284.620260][T11575] exit_to_user_mode_loop+0xeb/0x110 [ 284.620287][T11575] __do_fast_syscall_32+0x2ac/0x3a0 [ 284.620311][T11575] do_fast_syscall_32+0x32/0x80 [ 284.620335][T11575] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 284.620357][T11575] RIP: 0023:0xf7f34579 [ 284.620370][T11575] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 284.620387][T11575] RSP: 002b:00000000ffc430ac EFLAGS: 00000202 ORIG_RAX: 00000000000001b4 [ 284.620406][T11575] RAX: 0000000000000000 RBX: 0000000000000003 RCX: 000000000000001e [ 284.620416][T11575] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 284.620426][T11575] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000 [ 284.620436][T11575] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 284.620446][T11575] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 284.620462][T11575] [ 284.649317][T11614] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1617'. [ 285.272853][ T5980] Bluetooth: hci1: command 0x0406 tx timeout [ 285.352958][ T5980] Bluetooth: hci3: command 0x0405 tx timeout [ 285.352986][ T5988] Bluetooth: hci2: command 0x0406 tx timeout [ 285.355692][T11593] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 285.359749][T11593] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 285.363076][T11593] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 287.351835][ T5980] Bluetooth: hci1: command 0x0406 tx timeout [ 287.431890][ T5980] Bluetooth: hci3: command 0x0405 tx timeout [ 289.041042][ T1327] usb 38-1: device descriptor read/8, error -110 [ 289.431149][ T1327] usb usb38-port1: attempt power cycle [ 289.510723][ T5980] Bluetooth: hci3: command 0x0405 tx timeout [ 290.001279][ T1327] usb usb38-port1: unable to enumerate USB device [ 291.589738][ T5980] Bluetooth: hci3: command 0x0405 tx timeout VM DIAGNOSIS: 22:58:56 Registers: info registers vcpu 0 CPU#0 RAX=00000000008f66b4 RBX=0000000000000000 RCX=ffffffff8b908bf9 RDX=ffffed1005646656 RSI=ffffffff8c162c80 RDI=ffffffff8190cca1 RBP=fffffbfff1c52ef8 RSP=ffffffff8e207e08 R8 =0000000000000000 R9 =ffffed1005646655 R10=ffff88802b2332ab R11=0000000000000001 R12=0000000000000000 R13=ffffffff8e2977c0 R14=ffffffff90ab7690 R15=0000000000000000 RIP=ffffffff8b90775f RFL=00000286 [--S--P-] CPL=0 II=0 A20=1 SMM=0 HLT=1 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff8880974c4000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000003000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00000000f5456b04 CR3=00000000679e8000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00000000000000ff ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 4e4f4954504f5f4e 4153410063657865 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 1 CPU#1 RAX=000000000000006d RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8 RSI=ffffffff85616c45 RDI=ffffffff9b0f8680 RBP=ffffffff9b0f8640 RSP=ffffc900030572a8 R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=696d6f74615f6e69 R12=0000000000000000 R13=000000000000006d R14=ffffffff9b0f8640 R15=ffffffff85616be0 RIP=ffffffff85616c6f RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] FS =0000 0000000000000000 ffffffff 00c00000 GS =0063 ffff8880975c4000 ffffffff 00d0f300 DPL=3 DS [-WA] LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe000004a000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=0000000032004ff8 CR3=00000000788de000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 def4701947d4e2c1 da0e812d74b64741 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 b9b2ceafe4b22b30 6a007da8365e028d ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 3a9ebd09a16f45bc cc1046500162455c ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 37da1147d89b6633 c3e68102a30d8982 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000002e00 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000040 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 50265200b3eda036 a94fad1b0c466629 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 65a2f4000725d10e 0000ad7e00000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 80010000b18ec000 0000ad750000ad71 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 671e760002405600 0000ad7d0000ad70 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 a95a52f380d84765 bde440bfa00b173c ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 d91562c30f40fdcd 2341bdce44046822 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 a54ff53a3c6ef372 bb67ae856a09e667 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 5be0cd191f83d9ab 9b05688c510e527f ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 2 CPU#2 RAX=0000000000000000 RBX=0000000000000000 RCX=ffffffff84e90a3a RDX=0000000000000000 RSI=0000000000000000 RDI=0000000000000000 RBP=ffffc90003947320 RSP=ffffc900039471e0 R8 =0000000000000005 R9 =0000000000000004 R10=0000000000000004 R11=0000000000000012 R12=1ffff92000728e46 R13=ffffc90003947430 R14=0000000000000004 R15=ffffffff8c1656c8 RIP=ffffffff81bb08d0 RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0000 0000000000000000 ffffffff 00c00000 DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 00007fc697357300 ffffffff 00c00000 GS =0000 ffff8880976c4000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000091000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe000008f000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=0000561756985000 CR3=000000004b9ff000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=00000000fcffc200 Opmask01=000000000000ffff Opmask02=00000000ffffffff Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000001 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000000003bf12 0000003000000012 0004000000080024 0000000000280034 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000659 0000001400000000 0000000000000000 0000000000000015 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 002e01ffffffffff fffffffb08000300 000dd62000002211 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 ebd2d29aae87034a 20e4ff0ceb1014c4 82b938c0eeb81200 3aae5cd487f89f82 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 b9a1cc897a927988 543e3f3cf3c5450f 9f8da1e7766bea0b b4ca766874b51966 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 3781dc2814f63ff3 418eef7fa2273708 fa6f84f6026c339d 4579cc5c2582eed4 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0305ecfa8b5a2d01 808008000302c080 8dfc080000020100 0000080606010dd2 ZMM24=ce1ef169ce1ef169 ce1ef169ce1ef169 ce1ef169ce1ef169 ce1ef169ce1ef169 ce1ef169ce1ef169 ce1ef169ce1ef169 ce1ef169ce1ef169 ce1ef169ce1ef169 ZMM25=ed7e92fbed7e92fb ed7e92fbed7e92fb ed7e92fbed7e92fb ed7e92fbed7e92fb ed7e92fbed7e92fb ed7e92fbed7e92fb ed7e92fbed7e92fb ed7e92fbed7e92fb ZMM26=8798f5728798f572 8798f5728798f572 8798f5728798f572 8798f5728798f572 8798f5728798f572 8798f5728798f572 8798f5728798f572 8798f5728798f572 ZMM27=d0d3b8e9d0d3b8e9 d0d3b8e9d0d3b8e9 d0d3b8e9d0d3b8e9 d0d3b8e9d0d3b8e9 d0d3b8e9d0d3b8e9 d0d3b8e9d0d3b8e9 d0d3b8e9d0d3b8e9 d0d3b8e9d0d3b8e9 ZMM28=000000900000008f 0000008e0000008d 0000008c0000008b 0000008a00000089 0000008800000087 0000008600000085 0000008400000083 0000008200000081 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=f10c0000f10c0000 f10c0000f10c0000 f10c0000f10c0000 f10c0000f10c0000 f10c0000f10c0000 f10c0000f10c0000 f10c0000f10c0000 f10c0000f10c0000 info registers vcpu 3 CPU#3 RAX=000000000049669c RBX=0000000000000003 RCX=ffffffff8b908bf9 RDX=ffffed10056a6656 RSI=ffffffff8c162c80 RDI=ffffffff8190cca1 RBP=ffffed1003867000 RSP=ffffc9000048fdf8 R8 =0000000000000000 R9 =ffffed10056a6655 R10=ffff88802b5332ab R11=0000000000000001 R12=0000000000000003 R13=ffff88801c338000 R14=ffffffff90ab7690 R15=0000000000000000 RIP=ffffffff8b90775f RFL=00000286 [--S--P-] CPL=0 II=0 A20=1 SMM=0 HLT=1 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff8880977c4000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe00000d8000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe00000d6000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00000000f7163b10 CR3=000000005a4a0000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 66a4aaef050bc4e3 72756d2ddb1559f5 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ed0e00935c69d197 817838be84a493ac ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 31dba8e8988b5944 eb3b818c62508899 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 47f46ff624f32f98 0cf3528d8fe5a583 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000002e40 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000040 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000000000ad7f 2459820080a60800 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000ad7e0000ad80 8001000081a77c00 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00000000e099f800 f49a93000631b600 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 800100000000ad80 0000ad80593ead00 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 def4701947d4e2c1 da0e812d74b64741 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 b9b2ceafe4b22b30 6a007da8365e028d ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 a54ff53a3c6ef372 bb67ae856a09e667 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 5be0cd191f83d9ab 9b05688c510e527f ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000