last executing test programs: 2.650189866s ago: executing program 2 (id=2820): r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x5, 0x424242) r1 = openat$dir(0xffffffffffffff9c, 0x0, 0x0, 0x8) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100001c0000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000000c0)='sys_enter\x00', r2}, 0x10) rt_sigprocmask(0x0, &(0x7f0000000000)={[0xfffffffffffffffd]}, 0x0, 0x8) setpriority(0x0, 0x0, 0xacf0165) r3 = fanotify_init(0x200, 0x0) fanotify_mark(r3, 0x1, 0x4800003e, r1, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x40d2) ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0x4008ae89, &(0x7f0000000500)=ANY=[@ANYBLOB]) r4 = socket$inet6(0xa, 0x1, 0x84) setsockopt$inet6_int(r4, 0x29, 0x46, 0x0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x0) mount$bind(&(0x7f0000000c40)='.\x00', 0x0, 0x0, 0x2901090, 0x0) syz_emit_vhci(&(0x7f0000000880)=ANY=[@ANYBLOB="042fff01ffffffffffff030863d9ff03009f7dbe22ff0f00fc44ea6d1aec274c8968917697e62edc322898c618f3fb5e491f9e8adff68d373fb0734adfc545389458b825340c8c8f5c492078d00adc867641fcb0351732cefa32848d5e44c43df47371c93da4cdff225f61b624958bd6668dc99425d17400bb3e5dbe078b3a7451e54dc0c2587964a6886f01d4e5784f8f72466d7b66c8f914cf3a4b3b61cd721e36df2e08fec18c94317d8bb53ef342ff391f7034a4f3639116e19551aac5539c313ea03737d2c1404121a85b892b08815abf97626ad48ea349fdba0cb4757dbcea513381c76a1c3d6e79f0d14e3a27d93b600168eebe"], 0x102) chroot(&(0x7f0000000300)='./file0/../file0/../file0/../file0\x00') ioctl$EVIOCSREP(r0, 0x40084503, 0x0) 2.581661174s ago: executing program 2 (id=2822): write$usbip_server(0xffffffffffffffff, &(0x7f0000000380)=ANY=[], 0xfffffffffffffd8e) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r1 = socket$netlink(0x10, 0x3, 0x8000000004) writev(r1, &(0x7f0000000140)=[{&(0x7f0000000080)="580000001400192340834b80040d8c560a067f0200ff000000000000000058000b4824ca945f64009400ff0325010ebc000000000000008000f0fffeffe809005300fff5dd00000010000100080c10000000000000014000", 0x58}], 0x1) 2.439624706s ago: executing program 2 (id=2823): r0 = socket$inet6(0xa, 0x80002, 0x0) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x4a, &(0x7f0000000000)=0x98a3, 0x4) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='net/ip6_tables_names\x00') r3 = syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_TID_CONFIG(r2, &(0x7f0000000400)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000280)={&(0x7f0000000500)={0x380, r3, 0x200, 0x70bd2a, 0x25dfdbff, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_TID_CONFIG={0x364, 0x11d, 0x0, 0x1, [{0x324, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_VIF_SUPP={0xc, 0x2, 0x8001}, @NL80211_TID_CONFIG_ATTR_PEER_SUPP={0xc, 0x3, 0x8}, @NL80211_TID_CONFIG_ATTR_TX_RATE_TYPE={0x5, 0xc, 0x1}, @NL80211_TID_CONFIG_ATTR_TX_RATE={0x2e4, 0xd, 0x0, 0x1, [@NL80211_BAND_2GHZ={0x24, 0x0, 0x0, 0x1, [@NL80211_TXRATE_HE_LTF={0x5}, @NL80211_TXRATE_HE_GI={0x5, 0x6, 0x1}, @NL80211_TXRATE_GI={0x5}, @NL80211_TXRATE_LEGACY={0x5, 0x1, [0x12]}]}, @NL80211_BAND_5GHZ={0x60, 0x1, 0x0, 0x1, [@NL80211_TXRATE_GI={0x5, 0x4, 0x2}, @NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x1}, @NL80211_TXRATE_LEGACY={0x1d, 0x1, [0xc, 0x0, 0x1b, 0x18, 0x3, 0xb, 0x6c, 0x36, 0x3, 0x3, 0x24, 0x5, 0x5, 0x0, 0x6c, 0x48, 0x12, 0x3, 0x6f, 0x5, 0x60, 0x84e408657c431f4b, 0x24, 0x13, 0x2d]}, @NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x1}, @NL80211_TXRATE_HT={0x22, 0x2, [{0x7, 0x9}, {0x3, 0x6}, {0x0, 0x9}, {0x6, 0x9}, {0x2, 0x4}, {0x3, 0x9}, {0x1, 0x5}, {0x3, 0x6}, {0x6, 0x5}, {0x1, 0xa}, {0x6, 0x1}, {0x6, 0x3}, {0x5, 0x8}, {0x7, 0x5}, {0x2, 0xa}, {0x4, 0x8}, {0x7, 0x6}, {0x6, 0x7}, {0x6, 0x8}, {0x3, 0x4}, {0x1, 0xc}, {0x7, 0x7}, {0x6, 0x2}, {0x5}, {}, {0x3, 0x5}, {0x1, 0x3}, {0x7, 0x9}, {0x5, 0x1}, {0x4, 0xa}]}]}, @NL80211_BAND_6GHZ={0x18, 0x3, 0x0, 0x1, [@NL80211_TXRATE_HE={0x14, 0x5, {[0x7, 0x8, 0x3ff, 0x9, 0x6, 0x2, 0x8228, 0x6]}}]}, @NL80211_BAND_2GHZ={0x6c, 0x0, 0x0, 0x1, [@NL80211_TXRATE_LEGACY={0x1a, 0x1, [0x1b, 0x16, 0x60, 0x6, 0x18, 0x16, 0x18, 0x24, 0x24, 0x0, 0xb, 0x6, 0x5, 0x9, 0x2, 0x31, 0x12, 0xb, 0x24, 0xb, 0x2, 0x18]}, @NL80211_TXRATE_GI={0x5}, @NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x2}, @NL80211_TXRATE_LEGACY={0x24, 0x1, [0x9, 0x49, 0x3, 0x60, 0x2, 0x0, 0x4, 0xc8995b8f0f63be91, 0x12, 0xc, 0x48, 0x1, 0x24, 0x5, 0x12, 0x4, 0x1b, 0x6c, 0x3, 0x18, 0x6, 0x6c, 0x16, 0x24, 0x6c, 0x36, 0x0, 0xb, 0x12, 0x3, 0x0, 0x24]}, @NL80211_TXRATE_HT={0x14, 0x2, [{0x4, 0xa}, {0x5, 0x4}, {0x5, 0x8}, {0x0, 0x7}, {0x7, 0x9}, {0x0, 0x8}, {0x3, 0x3}, {0x3, 0x6}, {0x5, 0x8}, {0x7, 0x5}, {0x4, 0x4}, {0x4, 0x5}, {0x2, 0x8}, {0x3, 0x8}, {0x2, 0x2}, {0x0, 0x4}]}, @NL80211_TXRATE_HT={0x4}]}, @NL80211_BAND_6GHZ={0x24, 0x3, 0x0, 0x1, [@NL80211_TXRATE_GI={0x5, 0x4, 0x1}, @NL80211_TXRATE_LEGACY={0x18, 0x1, [0x1b, 0x1b, 0x3, 0x2, 0x6c, 0x1b, 0x48, 0x6c, 0x24, 0x4, 0x3, 0x3, 0x36, 0x3, 0xb, 0x3, 0x1b, 0x16, 0x9, 0x30]}]}, @NL80211_BAND_6GHZ={0xa0, 0x3, 0x0, 0x1, [@NL80211_TXRATE_HE={0x14, 0x5, {[0x2c39, 0x0, 0xff00, 0x64b9, 0x400, 0x1ff, 0x9, 0x3]}}, @NL80211_TXRATE_HE={0x14, 0x5, {[0xbba, 0xde8d, 0x8, 0x0, 0x4a, 0x0, 0xfff8, 0x7]}}, @NL80211_TXRATE_HE_GI={0x5, 0x6, 0x2}, @NL80211_TXRATE_HT={0x33, 0x2, [{0x0, 0x5}, {0x4, 0x9}, {0x0, 0x3}, {0x6, 0x5}, {0x1, 0x1}, {0x6, 0x8}, {0x7, 0x8}, {0x1, 0x9}, {0x3, 0x8}, {0x6, 0x8}, {0x6, 0xa}, {0x4, 0x6}, {0x5, 0x6}, {0x6, 0x2}, {0x6, 0x2}, {0x5, 0x3}, {}, {0x0, 0xa}, {0x5}, {0x5, 0x8}, {0x7, 0x4}, {0x0, 0x6}, {0x4, 0x4}, {0x1, 0x4}, {0x3, 0x4}, {0x1, 0x5}, {0x1, 0x7}, {0x1, 0x1}, {0x2, 0x6}, {0x2, 0x4}, {0x2, 0x3}, {0x1, 0x4}, {0x5, 0x3}, {0x3, 0x6}, {0x1, 0x6}, {0x0, 0x4}, {0x0, 0x4}, {0x3, 0xa}, {0x7, 0x3}, {0x6, 0x1}, {0x1, 0x7}, {0x4, 0xa}, {0x5, 0x4}, {0x2, 0x1}, {0x0, 0x6}, {0x5, 0x4}, {0x4, 0x3}]}, @NL80211_TXRATE_HE={0x14, 0x5, {[0xcab4, 0xff2b, 0x27, 0xfffe, 0xfcc3, 0x4, 0x401, 0x8000]}}, @NL80211_TXRATE_HE={0x14, 0x5, {[0x5, 0x6b41, 0xe11, 0x8, 0x6c, 0xffff, 0x2, 0x4]}}, @NL80211_TXRATE_GI={0x5, 0x4, 0x1}, @NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x2}]}, @NL80211_BAND_60GHZ={0xc, 0x2, 0x0, 0x1, [@NL80211_TXRATE_GI={0x5, 0x4, 0x2}]}, @NL80211_BAND_6GHZ={0x8c, 0x3, 0x0, 0x1, [@NL80211_TXRATE_VHT={0x14, 0x3, {[0x4, 0x40, 0x3, 0x5a77, 0x80, 0x80, 0xe9a5, 0x8000]}}, @NL80211_TXRATE_HT={0x12, 0x2, [{0x1, 0x6}, {0x6, 0x7}, {0x1, 0x7}, {0x1, 0x9}, {0x7}, {0x1, 0x8}, {0x5, 0x4}, {0x5}, {0x6, 0x3}, {0x5, 0x2}, {0x1, 0x2}, {0x5, 0x2}, {0x1, 0xa}, {0x6, 0x6}]}, @NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x2}, @NL80211_TXRATE_HE={0x14, 0x5, {[0x6, 0x9, 0x9, 0x7fe, 0x4, 0x2, 0x1, 0x5]}}, @NL80211_TXRATE_LEGACY={0x9, 0x1, [0x2, 0x36, 0x5, 0x2, 0x6]}, @NL80211_TXRATE_HE_GI={0x5, 0x6, 0x1}, @NL80211_TXRATE_HE_LTF={0x5}, @NL80211_TXRATE_LEGACY={0x13, 0x1, [0xb, 0x12, 0x48, 0x18, 0x1, 0x0, 0x18, 0x18, 0x16, 0x36, 0x18, 0x6, 0x60, 0x48, 0x24]}, @NL80211_TXRATE_HE={0x14, 0x5, {[0x45, 0x628, 0x7, 0xc0, 0x0, 0xba, 0x20c, 0xbb]}}]}, @NL80211_BAND_2GHZ={0x34, 0x0, 0x0, 0x1, [@NL80211_TXRATE_HE_LTF={0x5}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x5, 0x6, 0x3, 0x1000, 0x2, 0xe2e, 0x4, 0x2]}}, @NL80211_TXRATE_LEGACY={0x14, 0x1, [0x4, 0x6c, 0x4, 0x60, 0x1b, 0x6, 0x12, 0x12, 0xc, 0x30, 0x2, 0xa, 0x12, 0x2, 0x1b, 0x0]}]}, @NL80211_BAND_2GHZ={0x48, 0x0, 0x0, 0x1, [@NL80211_TXRATE_HE_LTF={0x5}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x9, 0x9, 0x0, 0x0, 0x8, 0x8, 0x7ff, 0x2]}}, @NL80211_TXRATE_HT={0x14, 0x2, [{0x4, 0x3}, {0x5, 0x8}, {0x0, 0x2}, {0x4, 0xa}, {0x4, 0x3}, {0x1, 0x6}, {0x5}, {0x3, 0x5}, {0x2}, {0x1}, {}, {0x6, 0x5}, {0x3, 0x4}, {0x7, 0x2}, {0x3, 0x2}, {0x1, 0xa}]}, @NL80211_TXRATE_HE={0x14, 0x5, {[0x2, 0x2, 0x1, 0x0, 0x8, 0xb51, 0x4, 0x81]}}]}]}, @NL80211_TID_CONFIG_ATTR_RETRY_SHORT={0x5, 0x7, 0x46}, @NL80211_TID_CONFIG_ATTR_VIF_SUPP={0xc, 0x2, 0xa}, @NL80211_TID_CONFIG_ATTR_RETRY_LONG={0x5, 0x8, 0x32}]}, {0x30, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_RETRY_SHORT={0x5, 0x7, 0xb8}, @NL80211_TID_CONFIG_ATTR_AMSDU_CTRL={0x5, 0xb, 0x1}, @NL80211_TID_CONFIG_ATTR_TIDS={0x6, 0x5, 0x26}, @NL80211_TID_CONFIG_ATTR_PEER_SUPP={0xc, 0x3, 0x1c3f}, @NL80211_TID_CONFIG_ATTR_RETRY_SHORT={0x5, 0x7, 0x33}]}, {0xc, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_TIDS={0x6, 0x5, 0x28}]}]}]}, 0x380}, 0x1, 0x0, 0x0, 0x8054}, 0x20000081) sendmsg$nl_route_sched(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000e00)=@newtaction={0x8c, 0x30, 0xffff, 0x0, 0x0, {}, [{0x78, 0x1, [@m_police={0x74, 0x1, 0x0, 0x0, {{0xb}, {0x48, 0x2, 0x0, 0x1, [[@TCA_POLICE_RESULT={0x8, 0x5, 0x2}], [@TCA_POLICE_TBF={0x3c}]]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x8c}}, 0x0) syz_emit_ethernet(0x4a, &(0x7f0000000240)=ANY=[@ANYBLOB="aaaa"], 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x8, 0xf, &(0x7f0000000200)=ANY=[@ANYBLOB="1800008080b63428e900"/20, @ANYRES32, @ANYBLOB="0000000000000000b702000014000000b7020000000000008500000051000000bf0900000000000055"], 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x6}, 0x94) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc9ffb}]}) syz_open_dev$vim2m(&(0x7f0000000180), 0x6, 0x2) mkdir(&(0x7f0000000400)='./file0\x00', 0x8) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) capset(&(0x7f0000000080)={0x20071026}, &(0x7f0000000040)={0x200000, 0x6, 0x7e000000, 0x3, 0x4, 0x1}) mkdir(&(0x7f0000000400)='./bus\x00', 0xc) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000340), 0x0, &(0x7f0000000080)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) r4 = creat(&(0x7f0000000440)='./file0/file0\x00', 0x188) write$binfmt_script(r4, &(0x7f0000000280)={'#! ', './file0/file0', [{}, {0x20, ',\x98,$!'}, {0x20, 'E#\xf0\x1c\x1c\x15\x92\xe7#\xff\n!\xf7\xac3\xba>/\xd1&\xc1<\x02\xdf\xd3[\xfd\xe7\xb9\x1f`%\x17\b?\xac\xe4p\xbe\t\xfe\\\xf1\xb3d[y\x0f\xc5\xd5\xd7\xd7\n\x12\x91\x90\xa3/o\xaf\x94\xdc\x18_\x82\xd9\x05b\x8b/\xc84z\xc1A%:\xf8\xf9\xab\xdc\x1a+\xa1h\xd2\x89\xe0lLO\xa1\xab\a\xa8\xfax\x8c\x16J\xe2Ep'}]}, 0x80) setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, 0x0, 0x0) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x802, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r5 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r5, &(0x7f0000000040)={0x2, 0x4e1f, @remote}, 0x10) setsockopt$sock_linger(r5, 0x1, 0x3d, &(0x7f0000000080)={0x1}, 0x8) sendmmsg$sock(r5, &(0x7f0000000340)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000600)=[@txtime={{0x18, 0x1, 0x3d, 0x3}}], 0x18}}], 0x1, 0x20000844) r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x11, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000003b810000850000007d000000850000005000000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000100)='sys_exit\x00', r6}, 0x18) fchmod(r6, 0x20) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) 2.361574609s ago: executing program 2 (id=2824): bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x1, 0x4, &(0x7f0000000400)=@framed={{0xffffffb4, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x6e}, [@ldst={0x4}]}, &(0x7f0000000080)='GPL\x00', 0x2, 0x3f7, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value=0xffffff90}, 0x48) 2.359481947s ago: executing program 2 (id=2825): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000010000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000002780)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a68000000060a01040000000000000000020000003c000480380001800e000100696d6d65646961746500000024000280180002801400028008000340ebffffff07000180fffffffd08000140000000000900010073797a30000000000900020073797a32"], 0x90}, 0x1, 0x0, 0x0, 0xfff5}, 0x0) 2.291184803s ago: executing program 2 (id=2826): mkdir(0x0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r1 = dup(r0) write$6lowpan_enable(r1, &(0x7f0000000000)='1', 0xffffffffffffff55) r2 = syz_io_uring_setup(0x238, &(0x7f0000000740)={0x0, 0x1c2a, 0x10100, 0x0, 0x0, 0x0, r1}, &(0x7f0000000180)=0x0, 0x0) clock_getres(0xeef77201c7a121ec, 0x0) syz_io_uring_submit(r3, 0x0, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd_index=0x4, 0x0, 0x0, 0x0, {}, 0x1}) io_uring_enter(r2, 0x2ded, 0x4000, 0x0, 0x0, 0x0) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r4, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x76dc) connect$inet6(r4, &(0x7f0000000080)={0xa, 0x4e22}, 0x21) setsockopt$inet6_tcp_TCP_ULP(r4, 0x6, 0x1f, 0x0, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) splice(r4, 0x0, r5, 0x0, 0xaf4, 0x0) 1.301364141s ago: executing program 3 (id=2838): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) connect$unix(0xffffffffffffffff, 0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x48) bpf$PROG_LOAD(0x5, 0x0, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) lsetxattr$system_posix_acl(&(0x7f0000000000)='.\x00', 0x0, 0x0, 0x24, 0x0) bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000001100)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="380000002000010329bd70001000000002000004030000070200000014001100696163767461703000"], 0x38}, 0x1, 0x0, 0x0, 0x240480c4}, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000400)=ANY=[@ANYBLOB="3800000010003704feffffff0000feff00000000", @ANYRES32=0x0, @ANYBLOB="8b040400000000001800128008000100736974000c00028008000300ff"], 0x38}, 0x1, 0x0, 0x0, 0x4c050}, 0x20000000) 1.220688798s ago: executing program 3 (id=2839): pipe2(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) splice(r1, 0x0, r0, 0x0, 0x1, 0x0) vmsplice(r0, &(0x7f00000013c0)=[{&(0x7f0000000080)='4', 0x1}], 0x1, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) r2 = socket(0x10, 0x803, 0x0) sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000100)=@newlink={0x3c, 0x10, 0x437, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @bond={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_BOND_PACKETS_PER_SLAVE={0x8}]}}}]}, 0x3c}}, 0x0) 1.040173283s ago: executing program 3 (id=2840): bpf$BPF_BTF_LOAD(0x12, &(0x7f00000003c0)={&(0x7f0000000440)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x7c, 0x7c, 0x2, [@var, @func_proto={0x0, 0x6, 0x0, 0xd, 0x0, [{}, {}, {}, {}, {}, {}]}, @fwd, @volatile, @volatile, @volatile={0x0, 0x0, 0x0, 0x9, 0x2}]}}, 0x0, 0x96}, 0x20) r0 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f00000001c0)=ANY=[@ANYBLOB="9feb010018000000000000000c0000000c000000020000000000000000000004"], 0x0, 0x26, 0x0, 0x1}, 0x28) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000500)={0x6, 0x7, &(0x7f0000000180)=@framed={{}, [@func={0x85, 0x0, 0x1, 0x0, 0x3}, @map_val, @exit]}, &(0x7f0000000280)='GPL\x00', 0x5, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, r0, 0x8, 0x0, 0x0, 0x10, &(0x7f00000004c0), 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x40000000}, 0x94) 1.036742237s ago: executing program 3 (id=2842): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) r1 = openat$vicodec1(0xffffffffffffff9c, &(0x7f00000004c0), 0x2, 0x0) ioctl$VIDIOC_QUERYBUF_DMABUF(r1, 0xc0585609, &(0x7f0000000580)={0x1, 0xe, 0x4, 0x4002, 0xd3f, {}, {0x3, 0x8, 0xcb, 0x5, 0x7c, 0x5, "b2cb8430"}, 0x55, 0x4, {}, 0x7}) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x6, 0x1b, &(0x7f00000005c0)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [@printk={@x, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x1}}, @ringbuf_query={{0x18, 0x1, 0x1, 0x0, r0}, {}, {0x85, 0x0, 0x0, 0x17}}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x35, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000800)={0x1f, 0xc, &(0x7f0000000280)=@framed={{}, [@call={0x85, 0x0, 0x0, 0x23}, @printk={@i, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0xb0}}]}, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x11}, 0xdf) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000500)={r3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r2, 0xfca804a0, 0x10, 0x38, &(0x7f00000002c0)="b800000500000000", &(0x7f0000000300)=""/8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) ioctl$sock_inet_SIOCSIFFLAGS(r4, 0x89b0, &(0x7f0000000040)={'bond0\x00', 0x4000}) 970.819882ms ago: executing program 3 (id=2844): r0 = openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)=@newlink={0x60, 0x10, 0x44b, 0x70bd2c, 0x25dfdbfc, {0x7a, 0x0, 0x0, 0x0, 0x1000, 0x9020}, [@IFLA_LINKINFO={0x40, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x30, 0x2, 0x0, 0x1, [@IFLA_BR_MCAST_STARTUP_QUERY_INTVL={0xc, 0x23, 0x8000000000000001}, @IFLA_BR_MCAST_ROUTER={0x5}, @IFLA_BR_MCAST_HASH_MAX={0x8, 0x1b, 0xf4b}, @IFLA_BR_NF_CALL_IP6TABLES={0x5, 0x25, 0x1}, @IFLA_BR_NF_CALL_IPTABLES={0x5}]}}}]}, 0x60}, 0x1, 0x0, 0xffffffa1}, 0x0) socket(0x2, 0x80805, 0x0) r2 = socket$inet_sctp(0x2, 0x1, 0x84) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3}) r3 = syz_io_uring_setup(0x57a0, &(0x7f0000000080)={0x0, 0xd498, 0x40, 0x1, 0x348}, &(0x7f0000000100), &(0x7f0000000140)) r4 = socket$key(0xf, 0x3, 0x2) recvmmsg(r4, &(0x7f0000003340)=[{{0x0, 0x0, 0x0}, 0x4}], 0x1, 0x40010103, 0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(r3, 0x9, 0x0, 0x0) io_uring_register$IORING_UNREGISTER_PERSONALITY(r3, 0xa, 0x0, r5) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_FILES_UPDATE={0x14, 0x2c, 0x0, 0x0, 0xa78, &(0x7f00000004c0)=[r0, r0, r0], 0x3, 0x0, 0x0, {0x0, r5}}) setsockopt$IP_VS_SO_SET_ADD(r2, 0x0, 0x482, &(0x7f0000000040)={0x84, @broadcast, 0x4e20, 0x3, 'wrr\x00', 0x1, 0x2, 0x6e}, 0x2c) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x800, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x3, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x800}, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000400)=0x6) r6 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r6, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x15d74000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r8, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r6, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r7, &(0x7f00000000c0), 0x10106, 0x2, 0x0) setsockopt$IP_VS_SO_SET_FLUSH(r2, 0x0, 0x485, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000580)={0x11, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000070000000000000095"], &(0x7f0000000040)='GPL\x00', 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="140000002500010000000000f100000006"], 0x14}], 0x1, 0x0, 0x0, 0x400448c0}, 0x0) 648.470472ms ago: executing program 3 (id=2848): r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) r1 = socket$pppl2tp(0x18, 0x1, 0x1) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)=ANY=[@ANYBLOB], 0xb4}, 0x1, 0x0, 0x0, 0x890}, 0x0) r2 = socket$inet6_udp(0xa, 0x2, 0x0) connect$pppl2tp(r1, 0x0, 0x0) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000780)={0xffffffffffffffff, 0xe0, &(0x7f0000000a40)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, &(0x7f0000000580)=[0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, &(0x7f0000000640)=[0x0, 0x0, 0x0, 0x0, 0x0], 0x0, 0x45, &(0x7f0000000680)=[{}], 0x8, 0x10, &(0x7f00000006c0), 0x0, 0x0, 0x89, 0x8, 0x8, &(0x7f0000000740)}}, 0x10) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f00000005c0)=ANY=[@ANYRES16=r2], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x40f00, 0x2b, '\x00', r3, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x62, 0x0, 0x0, 0x10, 0x3}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r4 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r5, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r6, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r5, &(0x7f0000000700)=[{{0x0, 0x0, &(0x7f00000007c0)=[{0x0}, {&(0x7f0000000500)=""/25, 0x19}, {&(0x7f0000000540)=""/29, 0x1d}], 0x3, &(0x7f0000000800)=""/53, 0x35}, 0xfffffff0}], 0x1, 0x40012140, &(0x7f0000000a00)) sched_setaffinity(r4, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x41, 0x0, 0x7, 0x7ffc0001}]}) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, 0x0) r7 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000100)=ANY=[@ANYBLOB="180000001e000000000000000000000095"], &(0x7f0000000000)='syzkaller\x00'}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r7}, 0x10) r8 = syz_open_dev$dri(&(0x7f0000000040), 0x0, 0x0) ioctl$DRM_IOCTL_SET_MASTER(r8, 0x641e) syz_io_uring_setup(0x10d, &(0x7f0000000980)={0x0, 0x5885, 0x80, 0x10000000}, &(0x7f0000000340)=0x0, &(0x7f0000000280)) syz_memcpy_off$IO_URING_METADATA_GENERIC(r9, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) r10 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000b40)={0x18, 0x5, &(0x7f0000000c00)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000f14cb904446cfdc96107000000000000009510f88053b13b7ad3588a08feeebff35c6962a68f3a46b65dbe9fdee254040b34a30f7bb3aa7d155b72a73f8dfdcaf137c47de504a88c953c70aa997ca77dcd95417ef7451d96739f44a15d9df9ee9303f745238cc39ee176cd5b5c3787a554516b127d2a97f7737d7221b565f6948c3864a7b4ea4b459c206424f9ff9ce2ff2182402de71280f3b02ef52687b72937150d89d4a1d731e8ad52b4", @ANYRES8=r9], &(0x7f0000000040)='GPL\x00', 0x40, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000880)={&(0x7f0000000080)='rpc_stats_latency\x00', r10, 0x0, 0x40000000}, 0x18) sendmsg$netlink(r0, &(0x7f0000000040)={0x0, 0x20, &(0x7f0000002580)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="140000002500010000000000f100000006"], 0x14}], 0x1, 0x0, 0x0, 0x400048c0}, 0x0) 648.332793ms ago: executing program 0 (id=2849): r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000580)=ANY=[@ANYBLOB="020200030c000000000000000000000005000500000000000a00000000000000fe800000000000000000a405cbebbc41e54a00000080ff0002000100000000000000000b000000000300df"], 0x60}}, 0x0) 551.22117ms ago: executing program 0 (id=2852): r0 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$inet_group_source_req(r0, 0x0, 0x2e, &(0x7f0000000080)={0x9, {{0x2, 0x0, @multicast2}}, {{0x2, 0x0, @broadcast}}}, 0x108) (async, rerun: 64) setsockopt$inet_MCAST_MSFILTER(r0, 0x0, 0x30, 0x0, 0x290) (rerun: 64) r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r1, &(0x7f0000000080)={0x1f, 0xffff, 0x3}, 0x6) (async) write(r1, &(0x7f0000000340)="3f000000010003", 0x7) dup(r1) (async) setsockopt$inet_MCAST_MSFILTER(r0, 0x0, 0x30, 0x0, 0x0) (async) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$tipc(&(0x7f0000000100), 0xffffffffffffffff) (async) r2 = socket$nl_route(0x10, 0x3, 0x0) (async) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz1\x00', 0x1ff) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) (async) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r4 = openat$cgroup_subtree(r3, &(0x7f0000000200), 0x2, 0x0) write$cgroup_subtree(r4, &(0x7f0000000080)=ANY=[@ANYBLOB="2b63f07528"], 0x5) write$cgroup_type(0xffffffffffffffff, &(0x7f00000001c0), 0x9) socket$nl_route(0x10, 0x3, 0x0) (async, rerun: 64) lseek(r2, 0xe0, 0x4) (async, rerun: 64) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = socket$netlink(0x10, 0x3, 0x0) (async) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r5, 0x8933, &(0x7f0000000100)={'batadv0\x00', 0x0}) sendmsg$nl_route(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000300)=ANY=[@ANYBLOB="4800000010000305fcffffff0000000000000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000200012800b0001006d61637365630000100002800c0004000400000100c2800008000500", @ANYRES32=r7, @ANYBLOB="17631554a5bb89b3d2b50838a9b8fabc62acd9ece722d9e81b00111a6c070d8f9794c3adfc33fbaccb95f35338713d974978ff7f997362f9eed45db7a32aba1a419ae716f14a8bed311018f00315b1e5bc7799a2f4471d6789da34e45616026c27a7973c1a430dc9040e0f32549a54d85717d392a8c1bd861a0575fa39a81815fe7f203b8ed426f927fe00"/148], 0x48}, 0x1, 0x0, 0x0, 0x8090}, 0x0) 550.839728ms ago: executing program 1 (id=2853): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x110b, 0x8000000000002}) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r2 = dup3(r1, r0, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x802, 0x0) mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r3, 0x10000000000) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x10a}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000100)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x60, 0x18, &(0x7f0000000280)={@fd={0x70742a85, 0x0, r2}, @ptr={0x70742a85, 0x0, 0x0, 0x0, 0x1, 0x29}, @fda={0x66646185, 0x5, 0x1, 0x32}}, &(0x7f0000000240)={0x38, 0x18, 0x40}}, 0x1000}], 0x0, 0x0, 0x0}) 501.457126ms ago: executing program 0 (id=2854): writev(0xffffffffffffffff, &(0x7f0000001200)=[{&(0x7f0000000080)="580000001400add427323b472545b45602117fffffff81000e220e227f000001925aa80020007b00090080007f000001e809000000ff0000f03ac71002000000ffffffffffffffffff", 0x49}], 0x1) r0 = add_key$user(&(0x7f0000000380), &(0x7f0000000000), &(0x7f00000003c0)='X', 0x1, 0xfffffffffffffffe) r1 = add_key$user(&(0x7f0000000200), &(0x7f00000005c0), &(0x7f00000000c0), 0x390, 0xfffffffffffffffd) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='hugetlb.1GB.usage_in_bytes\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f00000004c0), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x200000a, 0x28011, r2, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000001c0)={&(0x7f0000000040)=ANY=[@ANYBLOB="9feb010018000000a7000000240000002400000002000000000000000000000202000000000000000000000a030000000000000000000002000000000000"], 0x0, 0x3e, 0x0, 0x1}, 0x28) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15) cachestat(r2, &(0x7f0000000040), &(0x7f0000000080), 0x0) keyctl$dh_compute(0x17, &(0x7f0000000100)={r0, r1, r1}, 0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000040)={'streebog512-generic\x00'}}) r3 = socket$rxrpc(0x21, 0x2, 0xa) poll(&(0x7f0000000180)=[{r3, 0x2}], 0x1, 0x7f) setsockopt$sock_int(r3, 0x1, 0x7, &(0x7f0000000240), 0x4) ioctl$HIDIOCGUSAGES(0xffffffffffffffff, 0xd01c4813, &(0x7f0000000240)={{0x3, 0x100, 0x5, 0xb7a4, 0x1, 0xffff}, 0x341, [0xc, 0x40, 0xcd6, 0x4, 0x6, 0x0, 0x80000000, 0x7, 0x9, 0x7a18fde9, 0x9, 0xf12, 0x4, 0x3, 0x378, 0x5, 0x4, 0x0, 0x1, 0xffff06bd, 0x0, 0xd4f, 0x1a, 0xf2, 0x10, 0xfffffffb, 0x8, 0x10001, 0x401, 0x80000000, 0x401, 0x3ca5, 0x1, 0x0, 0xff, 0x4, 0x4, 0x3, 0x0, 0x0, 0x40000000, 0x80000000, 0x7fff, 0x7, 0x5, 0xa, 0x1, 0x10000, 0x401, 0x8, 0xffff, 0x91ba, 0x7, 0x9, 0x9, 0xb6, 0x24, 0xcb, 0x5, 0x7f, 0x5, 0x311, 0x66d1, 0xfffffffd, 0xa7d6, 0xb6eb, 0xc74, 0x77, 0x1, 0xff, 0x5cb5, 0xfffffffd, 0x401, 0xedf4, 0x4, 0x1000, 0x6, 0xfffffffe, 0x8001, 0xc1, 0x1, 0x8, 0x1, 0x32, 0x98, 0x7f, 0x2, 0x401, 0x2, 0x2, 0x4680, 0x7, 0xe665, 0x3c6e, 0x3, 0x40, 0x80, 0x4b, 0x8000, 0x2, 0xb, 0x6, 0x4fa4, 0x80000000, 0x1, 0xb, 0x0, 0xfffffffa, 0x3, 0x9, 0xfd, 0x101, 0x4, 0x40, 0xa, 0x1b, 0x1ff, 0x7ff, 0x2, 0x80000000, 0xffff, 0x9, 0x0, 0x6, 0x2, 0x1, 0x3, 0xa0, 0xf, 0x1ff, 0x9, 0x7, 0x6, 0x400, 0x8, 0xff2, 0x6, 0x0, 0x6, 0x0, 0x9, 0x1, 0xf1a, 0x664, 0x4, 0x9, 0x9, 0x2, 0x4, 0xfffffffd, 0x10, 0x0, 0x9, 0x10000, 0x1, 0x9, 0x9, 0xc6, 0x1, 0x4, 0x6, 0xffffffff, 0x6, 0x10001, 0x8, 0x68, 0x7, 0x201, 0x5, 0x3, 0x9a3f, 0x400000, 0x0, 0x80000067, 0xffffff7e, 0x7, 0x10000000, 0x10001, 0x7, 0x3, 0x10, 0x10a, 0x2, 0x40, 0x1c, 0x80, 0xb5f8, 0x8bc, 0x3, 0x101, 0x5, 0x63, 0x4, 0x18001, 0x10, 0x1000, 0x288c, 0x1ffe, 0x73ee, 0x1, 0x5, 0x9, 0x7fffffff, 0x73, 0x7, 0x8, 0x6, 0x400, 0x40, 0x0, 0x0, 0x0, 0x546c, 0x981, 0x5aa, 0x7fff, 0x7, 0x4, 0x8, 0xc4c, 0x45e3, 0x5, 0x7, 0x3, 0x5, 0x3, 0x0, 0x1, 0x2, 0xffffffff, 0x4, 0xce, 0xf, 0x0, 0x1, 0x667, 0x3, 0x0, 0x9, 0x9, 0x37d, 0x10001, 0xc, 0x1, 0x1, 0x2, 0x6, 0x4, 0x6, 0x1, 0x9, 0x6, 0xfffffffa, 0x5, 0x0, 0x9, 0x5, 0x2, 0x7, 0x3, 0xffffff1b, 0x9, 0x2, 0xd, 0x34ea, 0x10000, 0x0, 0x80000001, 0x8, 0x8000, 0x3a, 0x10, 0x8, 0x9, 0x5, 0x1, 0x6, 0x10001, 0x0, 0x4, 0x10000, 0x4, 0xffff, 0xe, 0x89, 0x2, 0x7, 0x1, 0x73, 0x3, 0x9, 0x4, 0x1, 0x9, 0x0, 0x8, 0x0, 0x81, 0x80000004, 0x9, 0x9, 0x0, 0x4, 0x4, 0x0, 0x1, 0x4, 0x5, 0x4, 0x10001, 0xf, 0x9, 0x100, 0x4, 0x59b, 0x7, 0x8, 0x9, 0x3, 0x2, 0x4, 0xbf, 0x0, 0x8, 0x40, 0xd3, 0x7, 0x1, 0x89aa, 0x8, 0x0, 0xf0ce, 0x4, 0x1, 0x0, 0x2, 0xc6, 0x1000, 0x1, 0x937, 0xa, 0x6, 0x3, 0xffffffff, 0x5, 0x9, 0x5, 0xffffffff, 0xbe, 0x1, 0x7, 0x0, 0xffffffff, 0x0, 0x3d6, 0x0, 0xae, 0x6, 0x1, 0xfffffeff, 0x4, 0x2, 0x7fff, 0x103, 0x7, 0x6, 0x706, 0x2, 0x49, 0x10, 0xfffffff7, 0xfffff772, 0x6, 0x80000000, 0x5, 0x7, 0xa9c, 0x9, 0x8, 0x1, 0x2, 0x5, 0x1000, 0x69f, 0x1ff, 0x9, 0x10, 0x3, 0x10000, 0xffff0000, 0xf, 0x1, 0xffffa5ba, 0xffffa9b4, 0x1, 0x4, 0x5, 0x3, 0x4b5f, 0x6, 0x7fffffff, 0xffffffff, 0x1, 0x80000000, 0xb, 0x0, 0xc8f, 0x1, 0x7, 0x8, 0x1, 0x10000, 0x57dc, 0x818a, 0x10, 0x8, 0x10, 0xfffffffc, 0xfffff001, 0xa, 0x5, 0x8000005, 0x4, 0xfff, 0x9, 0x10, 0xfffffffd, 0x4, 0xc2, 0x400, 0x4, 0x2, 0x80000000, 0xd, 0x2, 0x1, 0x0, 0x5, 0xb6, 0x101, 0x401, 0x2, 0x7, 0xc, 0x6623258, 0xf2, 0x741, 0xae6, 0x9, 0xffffa0ae, 0xc, 0x6, 0x2, 0x8, 0x9, 0x1, 0x7f, 0x9a, 0x9, 0xb, 0x800, 0x4, 0x3ff, 0x5, 0x7, 0x7, 0x8, 0xfe, 0x7f, 0x9, 0x4, 0x2, 0x20000000, 0x2, 0x8000, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x7, 0x8000001, 0x0, 0xfff, 0x101, 0x4, 0x0, 0x96c6, 0xc, 0x5, 0xfff, 0x100, 0xffff, 0x1, 0x401, 0xf0, 0x0, 0xfffff53d, 0x9, 0x2, 0x6, 0x0, 0x2, 0x4b15, 0x10000, 0x1, 0x6, 0x1, 0xd, 0x9, 0x4, 0xfffffe01, 0x1, 0x6, 0x0, 0x3, 0x10001, 0x1, 0x7, 0x1, 0x5, 0x8, 0xffffc487, 0x200, 0x10001, 0x37c, 0x7, 0x6, 0x6, 0x8, 0xfffffe00, 0x1, 0x1, 0x0, 0xe, 0x2, 0x2, 0x4, 0x80000000, 0xb46d, 0x3, 0x1000, 0x1eb4bce6, 0x10, 0x8, 0x1, 0x5, 0x1, 0x5, 0x9, 0x1000, 0x7, 0x62f2f805, 0x9, 0x3, 0xffffffff, 0x9, 0x7f, 0x6, 0x9, 0x40, 0x5, 0x2, 0xa, 0x5, 0x6, 0x80000000, 0x25, 0x8, 0x7, 0x7, 0x1, 0x5, 0x9, 0x6709, 0x10001, 0x0, 0x80, 0x8, 0x6, 0x0, 0xa95a, 0xff, 0x5, 0x2, 0x2, 0x4, 0x10000, 0x80000001, 0x5, 0x8001, 0x9, 0x0, 0xb7, 0x3, 0xff, 0x9, 0xffff, 0x80, 0xfea5, 0x7fff, 0x7, 0x7, 0x7, 0x7485, 0x9, 0x8, 0x0, 0x5, 0xf, 0x5, 0xe, 0x8, 0x1000, 0x3, 0x7, 0x382d, 0x459, 0xcad, 0x9, 0x0, 0x2, 0x9, 0x6, 0x20000a4, 0xe0, 0xfffffffb, 0x5, 0xffffffff, 0x2, 0x7, 0xa05a, 0x0, 0x0, 0x0, 0x35, 0x8, 0x1, 0x1, 0x30, 0xffffff7e, 0x101, 0x2, 0x9, 0x3, 0x7, 0x8, 0x8, 0x0, 0x1, 0x4, 0x15294b70, 0x3, 0x3, 0x2, 0x43, 0x3, 0x9, 0x5, 0x80000000, 0x9, 0x0, 0x5, 0x81, 0x1, 0x2, 0x3fd, 0x1df, 0x6, 0x6, 0xfffffffa, 0x1a, 0x9, 0x2, 0x9, 0x1, 0x9, 0x7, 0x2c1, 0x9e95, 0x2, 0xfffffedd, 0x30c8, 0x2, 0x38a0, 0x7b, 0x0, 0x8, 0x9, 0x6, 0x9, 0x9, 0x8, 0x5, 0x8, 0x1ff, 0x7fff, 0x3, 0x9, 0x8, 0x2b, 0x200006, 0x4, 0x7, 0x2, 0xfb4, 0xbfb, 0x7, 0x405, 0x6, 0x4, 0x8001, 0x9, 0x8, 0x3, 0x6ae574d2, 0x6, 0xfffffe00, 0x1000, 0x5, 0x92, 0x3, 0x7fffffff, 0xd7, 0x8001, 0x905, 0x3, 0x6, 0xfffffb31, 0xb, 0x4, 0x7, 0x8, 0x1, 0x6, 0x1, 0xff, 0x100, 0x4, 0x3, 0x6, 0x80000001, 0x0, 0x100a, 0x7fffffff, 0x7fff, 0x2, 0xfffffff8, 0x2, 0x9af, 0x10001, 0x8, 0x4, 0x8, 0x6, 0x7742348d, 0x5, 0x5, 0x1f, 0x40, 0x0, 0x6, 0x7fffffff, 0x7, 0x7, 0x8, 0x17f, 0x6, 0x2, 0x5, 0x6, 0x1, 0xb, 0xe, 0x5, 0x1, 0xfe7, 0xfffffffc, 0x8, 0x7ff, 0x3e9, 0x0, 0x3, 0x2000, 0xd, 0x3, 0x4, 0x3, 0x81, 0x8, 0x14, 0x8, 0x9, 0x6, 0xffff, 0xf28c, 0x7, 0x6, 0x4, 0x7fffffff, 0xffff, 0x7fffffff, 0xc9, 0x2, 0xfffffffe, 0x924, 0x499, 0x100, 0x1, 0x5, 0xffff351b, 0x8, 0xfffffffb, 0x7, 0x9, 0x2, 0x5, 0x4, 0x4, 0x4, 0xff, 0xee, 0x2, 0x4, 0x8, 0x9f, 0x7, 0x3, 0x9, 0xc9, 0x1, 0x1, 0x1, 0xfffffff7, 0x0, 0x6, 0x5, 0x6, 0x400, 0x51, 0x7, 0xefb, 0xb8, 0x8, 0x5, 0xfffffff7, 0x7, 0x7, 0x4, 0x6330, 0x0, 0x6, 0xea, 0x0, 0xfff, 0x809, 0x6, 0x0, 0x6, 0xffff, 0xfffffffa, 0x3, 0x0, 0x1, 0x6, 0xfffffc00, 0x5, 0x7, 0x64c822e3, 0x9, 0x6, 0x3ff, 0x6, 0xfff, 0x0, 0xa7b, 0x62cc, 0xfffffff7, 0x7, 0x40, 0xa, 0x9b, 0x3, 0xe, 0x1, 0x1, 0xc, 0x40, 0x3, 0x4, 0x5, 0x5, 0x7ff, 0x5, 0x8, 0x5, 0x3, 0x9, 0x2, 0x80000001, 0x54, 0x400, 0x1, 0x8, 0xa, 0x9, 0xc0, 0x3, 0x72, 0x80, 0x1000, 0x7, 0x800, 0x6, 0xd19, 0x3, 0x93c, 0x6, 0x0, 0x0, 0xe, 0x5, 0x3, 0xfffffffa, 0xa01, 0xf3, 0xffffff00, 0x8, 0xe, 0x3, 0x3ff, 0x5, 0x2, 0x6, 0xfffffff8, 0xffff, 0xfffffff9, 0x9, 0x5, 0x62, 0x8, 0x1, 0xfffffffb, 0x1af88, 0x2, 0x9, 0x7, 0x0, 0x7, 0x8, 0x10000, 0x40, 0x8, 0x7, 0x2b, 0x6, 0x10, 0x5, 0x200, 0x9, 0x6, 0x3, 0x8, 0x10, 0x4, 0x6, 0x633, 0xf05, 0x0, 0x101, 0x200, 0x7, 0x7ff, 0x0, 0x1, 0x1, 0x10000, 0x9, 0x40, 0x9, 0x0, 0x7f, 0x8, 0x6, 0xe, 0x3, 0x80000001, 0x0, 0x8, 0x8, 0x7, 0xdd, 0x6, 0x89, 0x0, 0x100, 0x1, 0x9, 0xe75, 0x400, 0x1, 0x0, 0x200, 0xe9ab, 0xfffffff8, 0x8000, 0x13, 0x2, 0x2, 0x43, 0x3ff, 0x0, 0x7, 0x9, 0x1, 0x6, 0x7, 0xa, 0xf, 0xf39d, 0x71, 0xfff, 0x5, 0x8]}) r4 = syz_open_dev$evdev(&(0x7f0000000000), 0x1, 0x8c2b01) write$char_usb(r4, &(0x7f0000000040)="e2", 0x12d8) socket$inet6_udp(0xa, 0x2, 0x0) 501.253862ms ago: executing program 1 (id=2855): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x110b, 0x8000000000002}) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0}) r2 = dup3(r1, r0, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x802, 0x0) mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r3, 0x10000000000) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x10a}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000100)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x60, 0x18, &(0x7f0000000280)={@fd={0x70742a85, 0x0, r2}, @ptr={0x70742a85, 0x0, 0x0, 0x0, 0x1, 0x29}, @fda={0x66646185, 0x5, 0x1, 0x32}}, &(0x7f0000000240)={0x0, 0x18, 0x40}}, 0x1000}], 0x1050, 0x0, 0x0}) 489.359407ms ago: executing program 1 (id=2856): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=@newqdisc={0x48, 0x24, 0x200, 0x0, 0x25dfdc00, {0x60, 0x0, 0x0, 0x0, {}, {0x4, 0xffff}, {0xfff3, 0xffff}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x18, 0x2, [@TCA_CAKE_BASE_RATE64={0xc, 0x2, 0x1ff}, @TCA_CAKE_AUTORATE={0x8, 0x9, 0x1}]}}]}, 0x48}, 0x1, 0x0, 0x0, 0xc4014}, 0x10) sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="500000001000010425bbe5ad600027842cf52300", @ANYRES32=0x0, @ANYBLOB="00000000000080e4280012800a00010076786c616e"], 0x50}}, 0x4000000) 441.558648ms ago: executing program 1 (id=2857): r0 = syz_open_dev$vim2m(&(0x7f0000000040), 0x6, 0x2) ioctl$vim2m_VIDIOC_ENUM_FMT(r0, 0xc0405602, &(0x7f0000000080)={0x12, 0x1, 0x0, "c175f0b781eddc96e6d941c3a7f9582753f9ffff8cbae2850c67ea00"}) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000740)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x3}}, [@NFT_MSG_NEWRULE={0x64, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x38, 0x4, 0x0, 0x1, [{0x34, 0x1, 0x0, 0x1, @numgen={{0xb}, @val={0x24, 0x2, 0x0, 0x1, [@NFTA_NG_MODULUS={0x8}, @NFTA_NG_DREG={0x8}, @NFTA_NG_TYPE={0x8, 0x3, 0x1, 0x0, 0x1}, @NFTA_NG_OFFSET={0x8, 0x4, 0x1, 0x0, 0xffffffd9}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x8c}}, 0x0) (async) sendmsg$NFT_BATCH(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000740)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x3}}, [@NFT_MSG_NEWRULE={0x64, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x38, 0x4, 0x0, 0x1, [{0x34, 0x1, 0x0, 0x1, @numgen={{0xb}, @val={0x24, 0x2, 0x0, 0x1, [@NFTA_NG_MODULUS={0x8}, @NFTA_NG_DREG={0x8}, @NFTA_NG_TYPE={0x8, 0x3, 0x1, 0x0, 0x1}, @NFTA_NG_OFFSET={0x8, 0x4, 0x1, 0x0, 0xffffffd9}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x8c}}, 0x0) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="120000380f09e39036b60624ada661e20008000000040000000200000010000000", @ANYRES32=r0, @ANYBLOB="091200"/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50) socket$nl_route(0x10, 0x3, 0x0) (async) r3 = socket$nl_route(0x10, 0x3, 0x0) getsockopt$netlink(r3, 0x10e, 0x5, &(0x7f0000000040)=""/162, &(0x7f0000000100)=0xa2) bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000000)={r2, 0x0, 0x0, 0x4}, 0x20) bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000180)={r2, &(0x7f0000000140)="79c14fea2ec9cfed", &(0x7f0000000280)=""/159}, 0x1c) socketpair$unix(0x1, 0x2, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) (async) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) mlockall(0x3) (async) mlockall(0x3) 170.60523ms ago: executing program 0 (id=2858): r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000300)="d8000000180081054e81f782db4cb904021d080006007c09e8fe55a10a0015800a00142603600e1208000f0000000406a80016c0080003400400027c035c0461c1d67f6f94007134cf6efb8000a007a290457f0189b316277ce06bbace8017cbec4c2ee5a7cef4090000001fb791643a5ee4ce1b14d6d930dfe1d9d322fe7c9f8775730d16a4683f5aeb4edbb57a5025ccca9e00360db798262f3d40fad95667e006dcdf63951f215ce3bb9ad809d5e1cace81ed0bffece0b42a9ecbee5de6ccd40dd6e4edef3d93452a92954b43370e9703920723f9a941", 0x1b}], 0x1}, 0x0) 170.260563ms ago: executing program 0 (id=2859): openat$sndseq(0xffffffffffffff9c, &(0x7f0000000040), 0x62181) syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, &(0x7f0000000300)={0x8, {{0xa, 0x4e20, 0x6, @dev={0xfe, 0x80, '\x00', 0x3d}, 0x6a3c}}, {{0xa, 0x4e22, 0x1, @private2={0xfc, 0x2, '\x00', 0x1}, 0x5}}}, 0x104) syz_open_dev$swradio(0x0, 0x0, 0x2) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) socketpair$unix(0x1, 0x2, 0x0, 0x0) bpf$MAP_LOOKUP_BATCH(0x18, 0x0, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x300000e, 0x50032, 0xffffffffffffffff, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) syz_open_dev$sndmidi(0x0, 0x2, 0x141121) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f00000002c0)) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000280)=ANY=[@ANYBLOB="4400000010000104a5270b7357000000925e4a44", @ANYRES32, @ANYBLOB="0dfa130016000000240012000c00010000000000000000000c0002f60800000001180000080001"], 0x44}}, 0x0) sendmsg$NFT_MSG_GETRULE(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000280)={0x20, 0x19, 0xa, 0x3, 0x0, 0x0, {0x2, 0x0, 0xfffe}, [@NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}, 0x20}}, 0x4010010) r1 = socket(0x10, 0x803, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000280)='virtio_transport_alloc_pkt\x00'}, 0x10) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)=ANY=[@ANYBLOB="480000001000"], 0x48}, 0x1, 0xffff0300}, 0x0) 81.611914ms ago: executing program 0 (id=2860): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) r1 = socket$nl_route(0x10, 0x3, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r3, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x16) connect$inet(r3, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10) syz_emit_ethernet(0x4a, 0x0, 0x0) sendmmsg(r3, &(0x7f0000007fc0), 0x800001d, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000340)={'syz_tun\x00', 0x0}) sendmsg$nl_route_sched(r2, &(0x7f0000000200)={0x0, 0xb00, &(0x7f00000001c0)={&(0x7f0000000180)=@getchain={0x24, 0x11, 0x1, 0x2000000, 0x0, {0x0, 0x0, 0x0, r4, {}, {}, {0xfff3}}}, 0x24}}, 0x0) sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=@newlink={0x3c, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x20a0, 0x40807}, [@IFLA_GROUP={0x8}, @IFLA_ALT_IFNAME={0x14, 0x35, 'vcan0\x00'}]}, 0x3c}, 0x1, 0x0, 0x0, 0x45}, 0x80) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r6, &(0x7f0000000080)=ANY=[@ANYBLOB="1500000065ffff097b000008003950323030302e4c"], 0x15) r7 = dup(r6) write$FUSE_BMAP(r7, &(0x7f0000000300)={0x18, 0x0, 0x0, {0xfffffffffffffffa}}, 0x18) write$FUSE_DIRENTPLUS(r7, &(0x7f0000002100)=ANY=[@ANYBLOB="b0000000000000001659ec0889419429aa5db97288b0f8a87ea8e66d9a8b"], 0xb0) write$FUSE_DIRENTPLUS(r7, &(0x7f0000000140)=ANY=[@ANYBLOB="10"], 0x10) write$FUSE_DIRENTPLUS(r7, &(0x7f0000000280)=ANY=[@ANYBLOB="a8"], 0xa8) mkdir(&(0x7f00000020c0)='./file0\x00', 0x0) write$FUSE_INIT(r7, &(0x7f0000004200)={0x50, 0x0, 0x0, {0x7, 0x21, 0xffffffff, 0xfffffffff12bd390, 0x2, 0x6, 0x0, 0x0, 0x0, 0x0, 0x1, 0x6}}, 0x50) mount$9p_fd(0x0, &(0x7f00000003c0)='./file0\x00', &(0x7f0000000b80), 0x0, &(0x7f0000000500)={'trans=fd,', {'rfdno', 0x3d, r5}, 0x2c, {'wfdno', 0x3d, r7}, 0x2c, {[{@posixacl}]}}) bind$inet6(r0, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) sendto$inet6(r0, &(0x7f0000847fff)='X', 0x34000, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000a00)={0x0, @in6={{0xa, 0x4e23, 0x0, @loopback}}, 0x100, 0x300, 0x0, 0x0, 0x54}, 0x9c) 228.144µs ago: executing program 1 (id=2861): r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f0000000040)={0x3, 0x0, &(0x7f0000000340)={&(0x7f0000001800)=ANY=[@ANYBLOB="020300031000000000070000000000000600090028010000015204f089b96478db1d8a5f756509e977fb1a039faac9ac111df4d74b60dee4829d2b5ba300000002000100000000000025020d00000000030006000000000002004e21000000800000000000000000030005003200000002"], 0x80}, 0x1, 0x7}, 0x0) 0s ago: executing program 1 (id=2862): r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f0000000940)=@framed={{0x18, 0x7}, [@tail_call={{0x18, 0x2, 0x1, 0x0, r0, 0x0, 0x0, 0x0, 0x1f00}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x100000}}]}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) kernel console output (not intermixed with test programs): 9.695242][ T9484] ALSA: mixer_oss: invalid OSS volume '@^3bɜ}G$#\("/oL' [ 169.698462][ T9484] ALSA: mixer_oss: invalid OSS volume 'I :' [ 169.701077][ T9484] ALSA: mixer_oss: invalid OSS volume '%^vhcGJPr('⍯Q=' [ 169.704340][ T9484] ALSA: mixer_oss: invalid OSS volume ' Gj;4Ìz3WҼ0F=%' [ 169.736576][ T9484] ALSA: mixer_oss: invalid OSS volume ';4 4fh߇GIבQ5oJ' [ 169.739228][ T9484] ALSA: mixer_oss: invalid OSS volume 'Wl]Y1-J<A>o' [ 169.810449][ T9518] FAULT_INJECTION: forcing a failure. [ 169.810449][ T9518] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 169.814520][ T9518] CPU: 3 UID: 0 PID: 9518 Comm: syz.0.1006 Not tainted 6.16.0-rc3-syzkaller-00329-gdfba48a70cb6 #0 PREEMPT(full) [ 169.814533][ T9518] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 169.814540][ T9518] Call Trace: [ 169.814544][ T9518] [ 169.814548][ T9518] dump_stack_lvl+0x16c/0x1f0 [ 169.814567][ T9518] should_fail_ex+0x512/0x640 [ 169.814585][ T9518] _copy_from_user+0x2e/0xd0 [ 169.814601][ T9518] __sys_bpf+0x21d/0x4d80 [ 169.814618][ T9518] ? __pfx___sys_bpf+0x10/0x10 [ 169.814634][ T9518] ? ksys_write+0x190/0x250 [ 169.814650][ T9518] ? __mutex_unlock_slowpath+0x161/0x6a0 [ 169.814674][ T9518] ? fput+0x70/0xf0 [ 169.814683][ T9518] ? ksys_write+0x1ac/0x250 [ 169.814697][ T9518] ? __pfx_ksys_write+0x10/0x10 [ 169.814713][ T9518] __ia32_sys_bpf+0x76/0xe0 [ 169.814723][ T9518] __do_fast_syscall_32+0x7c/0x3a0 [ 169.814740][ T9518] do_fast_syscall_32+0x32/0x80 [ 169.814755][ T9518] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 169.814768][ T9518] RIP: 0023:0xf70ce579 [ 169.814776][ T9518] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 169.814785][ T9518] RSP: 002b:00000000f50be55c EFLAGS: 00000296 ORIG_RAX: 0000000000000165 [ 169.814795][ T9518] RAX: ffffffffffffffda RBX: 000000000000000a RCX: 0000000080000300 [ 169.814801][ T9518] RDX: 0000000000000050 RSI: 0000000000000000 RDI: 0000000000000000 [ 169.814807][ T9518] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 169.814812][ T9518] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 169.814818][ T9518] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 169.814830][ T9518] [ 170.155332][ T5949] Bluetooth: hci1: command 0x0406 tx timeout [ 170.155362][ T5955] Bluetooth: hci2: command 0x0406 tx timeout [ 170.783164][ T9543] netlink: 'syz.0.1013': attribute type 1 has an invalid length. [ 170.979048][ T9561] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1016'. [ 172.487224][ T9623] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1041'. [ 172.490031][ T9623] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1041'. [ 172.492841][ T9623] netlink: 'syz.1.1041': attribute type 14 has an invalid length. [ 172.615095][ T9630] tipc: Resetting bearer [ 172.702999][ T9637] team0: Unable to change to the same mode the team is in [ 172.707709][ T9630] tipc: Enabling of bearer rejected, already enabled [ 172.751656][ T9648] netlink: 'syz.3.1050': attribute type 21 has an invalid length. [ 172.981678][ T9663] fuse: Bad value for 'fd' [ 173.015285][ T60] usb 7-1: new high-speed USB device number 4 using dummy_hcd [ 173.225386][ T9667] lo speed is unknown, defaulting to 1000 [ 173.243396][ T9667] lo speed is unknown, defaulting to 1000 [ 173.345357][ T60] usb 7-1: Using ep0 maxpacket: 16 [ 173.351958][ T60] usb 7-1: config 0 has an invalid interface number: 8 but max is 0 [ 173.354549][ T60] usb 7-1: config 0 has no interface number 0 [ 173.357943][ T60] usb 7-1: config 0 interface 8 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 173.361293][ T60] usb 7-1: config 0 interface 8 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 173.368769][ T60] usb 7-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f [ 173.371611][ T60] usb 7-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3 [ 173.374109][ T60] usb 7-1: Product: syz [ 173.376724][ T60] usb 7-1: SerialNumber: syz [ 173.379444][ T60] usb 7-1: config 0 descriptor?? [ 173.383671][ T60] cm109 7-1:0.8: invalid payload size 0, expected 4 [ 173.387843][ T60] input: CM109 USB driver as /devices/platform/dummy_hcd.2/usb7/7-1/7-1:0.8/input/input11 [ 173.584709][ C3] cm109 7-1:0.8: cm109_urb_ctl_callback: usb_submit_urb (urb_irq) failed -90 [ 174.952374][ T9765] netlink: 84 bytes leftover after parsing attributes in process `syz.1.1063'. [ 175.094686][ T9779] FAULT_INJECTION: forcing a failure. [ 175.094686][ T9779] name failslab, interval 1, probability 0, space 0, times 0 [ 175.099092][ T9779] CPU: 1 UID: 0 PID: 9779 Comm: syz.1.1067 Not tainted 6.16.0-rc3-syzkaller-00329-gdfba48a70cb6 #0 PREEMPT(full) [ 175.099107][ T9779] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 175.099113][ T9779] Call Trace: [ 175.099117][ T9779] [ 175.099121][ T9779] dump_stack_lvl+0x16c/0x1f0 [ 175.099141][ T9779] should_fail_ex+0x512/0x640 [ 175.099155][ T9779] ? fs_reclaim_acquire+0xae/0x150 [ 175.099168][ T9779] ? tomoyo_encode2+0x100/0x3e0 [ 175.099181][ T9779] should_failslab+0xc2/0x120 [ 175.099190][ T9779] __kmalloc_noprof+0xd2/0x510 [ 175.099205][ T9779] ? d_absolute_path+0x136/0x1a0 [ 175.099218][ T9779] tomoyo_encode2+0x100/0x3e0 [ 175.099232][ T9779] tomoyo_encode+0x29/0x50 [ 175.099245][ T9779] tomoyo_realpath_from_path+0x18f/0x6e0 [ 175.099262][ T9779] tomoyo_path_number_perm+0x245/0x580 [ 175.099273][ T9779] ? tomoyo_path_number_perm+0x237/0x580 [ 175.099285][ T9779] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 175.099310][ T9779] ? find_held_lock+0x2b/0x80 [ 175.099321][ T9779] ? hook_file_ioctl_common+0x145/0x410 [ 175.099334][ T9779] ? __fget_files+0x20e/0x3c0 [ 175.099347][ T9779] ? __fput_deferred+0x420/0x480 [ 175.099359][ T9779] security_file_ioctl_compat+0x9b/0x240 [ 175.099373][ T9779] __ia32_compat_sys_ioctl+0xc3/0x370 [ 175.099387][ T9779] __do_fast_syscall_32+0x7c/0x3a0 [ 175.099404][ T9779] do_fast_syscall_32+0x32/0x80 [ 175.099419][ T9779] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 175.099432][ T9779] RIP: 0023:0xf705e579 [ 175.099440][ T9779] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 175.099450][ T9779] RSP: 002b:00000000f504e55c EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 175.099460][ T9779] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000000720 [ 175.099466][ T9779] RDX: 0000000080000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 175.099471][ T9779] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 175.099477][ T9779] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 175.099482][ T9779] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 175.099494][ T9779] [ 175.099503][ T9779] ERROR: Out of memory at tomoyo_realpath_from_path. [ 175.358159][ T9794] netlink: 'syz.1.1070': attribute type 1 has an invalid length. [ 175.371249][ T9794] bond5: entered promiscuous mode [ 175.372905][ T9794] bond5: entered allmulticast mode [ 175.387128][ T9794] bond5: (slave erspan1): making interface the new active one [ 175.389563][ T9794] erspan1: entered promiscuous mode [ 175.391585][ T9794] erspan1: entered allmulticast mode [ 175.394008][ T9794] bond5: (slave erspan1): Enslaving as an active interface with an up link [ 175.541682][ T1334] IPVS: starting estimator thread 0... [ 175.626292][ T9813] IPVS: using max 44 ests per chain, 105600 per kthread [ 175.655875][ T9827] fuse: Unknown parameter '' [ 175.951528][ T9848] netlink: 'syz.1.1084': attribute type 1 has an invalid length. [ 175.962453][ T10] usb 7-1: USB disconnect, device number 4 [ 175.962488][ C2] cm109 7-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 175.966507][ C2] cm109 7-1:0.8: cm109_submit_buzz_toggle: usb_submit_urb (urb_ctl) failed -19 [ 175.972640][ T10] cm109 7-1:0.8: cm109_toggle_buzzer_sync: usb_control_msg() failed -19 [ 176.003870][ T9851] netlink: 1041 bytes leftover after parsing attributes in process `syz.1.1086'. [ 176.824437][ T9876] netlink: 196 bytes leftover after parsing attributes in process `syz.3.1092'. [ 176.865487][ T9878] 9pnet_virtio: no channels available for device syz [ 178.229990][ T9942] fuse: Bad value for 'fd' [ 178.241334][ T9942] lo speed is unknown, defaulting to 1000 [ 178.244410][ T9942] lo speed is unknown, defaulting to 1000 [ 179.648430][ T9983] bond1: (slave veth0_to_bond): Releasing active interface [ 179.652479][ T9983] netdevsim netdevsim3 netdevsim0: left allmulticast mode [ 179.654716][ T9983] netdevsim netdevsim3 netdevsim0: left promiscuous mode [ 179.658753][ T9983] bridge0: port 1(netdevsim0) entered disabled state [ 179.664841][ T9983] bond2: (slave veth3): Releasing backup interface [ 179.667314][ T9983] veth3: left promiscuous mode [ 179.716170][ T9983] team0: Unable to change to the same mode the team is in [ 179.719263][ T9983] tipc: Enabling of bearer rejected, already enabled [ 179.726856][ T9988] netlink: 44 bytes leftover after parsing attributes in process `syz.0.1131'. [ 180.074114][T10018] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 180.078095][T10018] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 180.081382][T10018] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 180.084990][T10018] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 180.088753][T10018] geneve2: entered promiscuous mode [ 180.091021][T10018] geneve2: entered allmulticast mode [ 180.096298][T10018] netdevsim netdevsim3 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 180.099556][T10018] netdevsim netdevsim3 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 180.102385][T10018] netdevsim netdevsim3 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 180.105318][T10018] netdevsim netdevsim3 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 180.110718][T10020] netlink: 'syz.2.1142': attribute type 21 has an invalid length. [ 181.101297][T10042] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1151'. [ 181.227345][T10054] netlink: 209852 bytes leftover after parsing attributes in process `syz.0.1154'. [ 182.800439][T10093] tipc: Can't bind to reserved service type 0 [ 184.074989][T10107] tipc: Enabling of bearer rejected, failed to enable media [ 184.228205][T10124] FAULT_INJECTION: forcing a failure. [ 184.228205][T10124] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 184.232824][T10124] CPU: 3 UID: 0 PID: 10124 Comm: syz.0.1178 Not tainted 6.16.0-rc3-syzkaller-00329-gdfba48a70cb6 #0 PREEMPT(full) [ 184.232839][T10124] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 184.232845][T10124] Call Trace: [ 184.232849][T10124] [ 184.232853][T10124] dump_stack_lvl+0x16c/0x1f0 [ 184.232872][T10124] should_fail_ex+0x512/0x640 [ 184.232888][T10124] _copy_from_user+0x2e/0xd0 [ 184.232905][T10124] compat_i2cdev_ioctl+0x3fe/0x530 [ 184.232920][T10124] ? hook_file_ioctl_common+0x145/0x410 [ 184.232938][T10124] ? __pfx_compat_i2cdev_ioctl+0x10/0x10 [ 184.232953][T10124] ? __fget_files+0x20e/0x3c0 [ 184.232966][T10124] ? __fput_deferred+0x420/0x480 [ 184.232978][T10124] ? __pfx_compat_i2cdev_ioctl+0x10/0x10 [ 184.232993][T10124] __ia32_compat_sys_ioctl+0x242/0x370 [ 184.233007][T10124] __do_fast_syscall_32+0x7c/0x3a0 [ 184.233024][T10124] do_fast_syscall_32+0x32/0x80 [ 184.233039][T10124] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 184.233052][T10124] RIP: 0023:0xf70ce579 [ 184.233065][T10124] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 184.233075][T10124] RSP: 002b:00000000f50be55c EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 184.233084][T10124] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000000720 [ 184.233090][T10124] RDX: 0000000080000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 184.233096][T10124] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 184.233101][T10124] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 184.233106][T10124] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 184.233118][T10124] [ 185.442113][T10155] 9pnet_virtio: no channels available for device syz [ 186.418613][ T5944] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 186.496746][T10180] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1197'. [ 186.506936][T10182] netlink: 'syz.1.1198': attribute type 1 has an invalid length. [ 186.566750][ T5944] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 186.570229][ T5944] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 186.573309][ T5944] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 186.577685][ T5944] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 186.580752][ T5944] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 186.672845][ T5944] usb 5-1: config 0 descriptor?? [ 187.092187][ T5944] plantronics 0003:047F:FFFF.0005: reserved main item tag 0xd [ 187.102361][ T5944] plantronics 0003:047F:FFFF.0005: hiddev0,hidraw1: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0 [ 187.338455][ T2301] usb 5-1: USB disconnect, device number 3 [ 187.484593][T10204] 9pnet_virtio: no channels available for device syz [ 187.741421][T10215] overlayfs: upperdir is in-use as upperdir/workdir of another mount, mount with '-o index=off' to override exclusive upperdir protection. [ 187.761167][ T40] kauditd_printk_skb: 27 callbacks suppressed [ 187.761177][ T40] audit: type=1800 audit(1751209160.019:9572): pid=10215 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.1210" name="bus" dev="overlay" ino=1591 res=0 errno=0 [ 187.775482][ T40] audit: type=1800 audit(1751209160.019:9573): pid=10214 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.1210" name="bus" dev="overlay" ino=1591 res=0 errno=0 [ 187.803667][ T40] audit: type=1326 audit(1751209160.059:9574): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10210 comm="syz.3.1209" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf707e579 code=0x0 [ 187.922191][T10224] set match dimension is over the limit! [ 188.404208][T10233] 9pnet_virtio: no channels available for device syz [ 189.824821][T10249] lo speed is unknown, defaulting to 1000 [ 189.834222][T10249] lo speed is unknown, defaulting to 1000 [ 189.885403][ T60] usb 7-1: new high-speed USB device number 5 using dummy_hcd [ 190.038994][ T60] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 190.043239][ T60] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 190.047075][ T60] usb 7-1: New USB device found, idVendor=28de, idProduct=1142, bcdDevice= 0.00 [ 190.049868][ T60] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 190.058061][ T60] usb 7-1: config 0 descriptor?? [ 190.446507][T10261] netlink: 48 bytes leftover after parsing attributes in process `syz.3.1224'. [ 190.450046][T10261] netlink: 48 bytes leftover after parsing attributes in process `syz.3.1224'. [ 190.470354][T10246] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1220'. [ 190.539308][ T60] usbhid 7-1:0.0: can't add hid device: -71 [ 190.541715][ T60] usbhid 7-1:0.0: probe with driver usbhid failed with error -71 [ 190.549317][ T60] usb 7-1: USB disconnect, device number 5 [ 191.571281][T10281] [U]  [ 191.657782][T10288] netlink: 216 bytes leftover after parsing attributes in process `syz.0.1233'. [ 191.660732][T10288] netlink: 'syz.0.1233': attribute type 10 has an invalid length. [ 191.663356][T10288] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1233'. [ 191.667250][T10288] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1233'. [ 192.091190][T10301] 9pnet_virtio: no channels available for device syz [ 192.323875][T10314] netlink: 'syz.3.1241': attribute type 4 has an invalid length. [ 192.327670][ T2301] lo speed is unknown, defaulting to 1000 [ 192.329482][ T2301] syz0: Port: 1 Link ACTIVE [ 193.128454][T10327] lo speed is unknown, defaulting to 1000 [ 193.133340][T10327] lo speed is unknown, defaulting to 1000 [ 193.194042][T10331] 9pnet_virtio: no channels available for device syz [ 193.677293][ T1419] ieee802154 phy0 wpan0: encryption failed: -22 [ 193.679298][ T1419] ieee802154 phy1 wpan1: encryption failed: -22 [ 194.078159][T10361] 9pnet_virtio: no channels available for device syz [ 195.221106][T10382] ======================================================= [ 195.221106][T10382] WARNING: The mand mount option has been deprecated and [ 195.221106][T10382] and is ignored by this kernel. Remove the mand [ 195.221106][T10382] option from the mount to silence this warning. [ 195.221106][T10382] ======================================================= [ 195.234862][T10382] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1263'. [ 196.862865][T10415] netlink: 'syz.2.1272': attribute type 1 has an invalid length. [ 196.873432][T10415] bond3: entered promiscuous mode [ 196.875484][T10415] 8021q: adding VLAN 0 to HW filter on device bond3 [ 196.914758][T10415] bond3: (slave veth5): making interface the new active one [ 196.917122][T10415] veth5: entered promiscuous mode [ 196.919806][T10415] bond3: (slave veth5): Enslaving as an active interface with an up link [ 197.626543][T10430] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 197.628711][T10430] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 197.637583][T10430] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 197.639521][T10430] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 197.841044][T10448] 9pnet_virtio: no channels available for device syz [ 198.370614][T10458] team0: Unable to change to the same mode the team is in [ 198.373675][T10458] tipc: Enabling of bearer rejected, already enabled [ 199.090702][T10475] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1288'. [ 199.128948][T10479] 9pnet_virtio: no channels available for device syz [ 199.288951][T10484] siw: device registration error -23 [ 199.517949][ T5955] Bluetooth: hci1: command 0x0406 tx timeout [ 199.675276][ T5955] Bluetooth: hci2: command 0x0406 tx timeout [ 200.908054][T10515] netlink: 'syz.1.1302': attribute type 21 has an invalid length. [ 200.949632][T10517] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 200.952235][T10517] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 200.954732][T10517] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 200.957524][T10517] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 200.960069][T10517] geneve2: entered promiscuous mode [ 200.961787][T10517] geneve2: entered allmulticast mode [ 200.964797][T10517] netdevsim netdevsim1 eth0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 200.967717][T10517] netdevsim netdevsim1 eth1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 200.970378][T10517] netdevsim netdevsim1 eth2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 200.973008][T10517] netdevsim netdevsim1 eth3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 201.595313][ T5955] Bluetooth: hci1: command 0x0406 tx timeout [ 201.755253][ T5955] Bluetooth: hci2: command 0x0406 tx timeout [ 203.257498][T10563] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1319'. [ 204.780577][T10615] 9pnet_virtio: no channels available for device syz [ 204.917289][T10620] tipc: Enabling of bearer rejected, failed to enable media [ 205.295877][ T1070] Bluetooth: hci4: Frame reassembly failed (-84) [ 207.365247][ T63] Bluetooth: hci4: command 0x1003 tx timeout [ 207.365403][ T5955] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 208.137313][T10669] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1350'. [ 208.141410][T10669] 8021q: adding VLAN 0 to HW filter on device team1 [ 208.575242][ T10] usb 6-1: new high-speed USB device number 6 using dummy_hcd [ 208.741838][ T10] usb 6-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 208.746775][ T10] usb 6-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 208.750884][ T10] usb 6-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 208.754746][ T10] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 208.764264][T10675] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 208.779492][ T10] usb 6-1: Quirk or no altset; falling back to MIDI 1.0 [ 209.224147][T10688] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1356'. [ 209.237603][T10688] 8021q: adding VLAN 0 to HW filter on device team0 [ 209.846777][ T40] audit: type=1326 audit(1751209182.109:9575): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10697 comm="syz.2.1360" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7fb6579 code=0x0 [ 209.980522][T10704] set match dimension is over the limit! [ 210.077594][ T10] usb 6-1: USB disconnect, device number 6 [ 210.931469][T10718] lo speed is unknown, defaulting to 1000 [ 210.941096][T10718] lo speed is unknown, defaulting to 1000 [ 211.145408][ T6029] usb 7-1: new high-speed USB device number 6 using dummy_hcd [ 211.295371][ T6029] usb 7-1: Using ep0 maxpacket: 32 [ 211.298319][ T6029] usb 7-1: too many configurations: 66, using maximum allowed: 8 [ 211.303140][ T6029] usb 7-1: unable to read config index 0 descriptor/start: -61 [ 211.306270][ T6029] usb 7-1: can't read configurations, error -61 [ 211.435330][ T6029] usb 7-1: new high-speed USB device number 7 using dummy_hcd [ 211.595358][ T6029] usb 7-1: Using ep0 maxpacket: 32 [ 211.599653][ T6029] usb 7-1: too many configurations: 66, using maximum allowed: 8 [ 211.615612][ T6029] usb 7-1: unable to read config index 0 descriptor/start: -61 [ 211.618025][ T6029] usb 7-1: can't read configurations, error -61 [ 211.622529][ T6029] usb usb7-port1: attempt power cycle [ 211.788618][T10741] macvlan2: entered promiscuous mode [ 211.790535][T10741] macvlan2: entered allmulticast mode [ 211.975412][ T6029] usb 7-1: new high-speed USB device number 8 using dummy_hcd [ 211.996022][ T6029] usb 7-1: Using ep0 maxpacket: 32 [ 211.998204][ T6029] usb 7-1: too many configurations: 66, using maximum allowed: 8 [ 212.002093][ T6029] usb 7-1: unable to read config index 0 descriptor/start: -61 [ 212.004539][ T6029] usb 7-1: can't read configurations, error -61 [ 212.135278][ T6029] usb 7-1: new high-speed USB device number 9 using dummy_hcd [ 212.161181][ T6029] usb 7-1: Using ep0 maxpacket: 32 [ 212.163711][ T6029] usb 7-1: too many configurations: 66, using maximum allowed: 8 [ 212.167614][ T6029] usb 7-1: unable to read config index 0 descriptor/start: -61 [ 212.170276][ T6029] usb 7-1: can't read configurations, error -61 [ 212.172553][ T6029] usb usb7-port1: unable to enumerate USB device [ 212.675599][T10753] netlink: 216 bytes leftover after parsing attributes in process `syz.0.1375'. [ 212.678436][T10753] netlink: 'syz.0.1375': attribute type 10 has an invalid length. [ 212.680935][T10753] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1375'. [ 214.260387][T10790] team0: Mode changed to "loadbalance" [ 214.264150][T10790] netlink: 'syz.3.1387': attribute type 10 has an invalid length. [ 214.273570][T10790] 8021q: adding VLAN 0 to HW filter on device bond0 [ 214.277884][T10790] team0: Port device bond0 added [ 214.281223][T10790] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1387'. [ 214.346084][T10790] tipc: Disabling bearer [ 214.353164][T10790] team0 (unregistering): Port device bond0 removed [ 214.742354][T10802] netlink: 'syz.1.1391': attribute type 1 has an invalid length. [ 214.745718][T10802] netlink: 244 bytes leftover after parsing attributes in process `syz.1.1391'. [ 215.470335][ T40] audit: type=1326 audit(1751209187.729:9576): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10813 comm="syz.3.1395" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf707e579 code=0x7ffc0000 [ 215.481838][ T40] audit: type=1326 audit(1751209187.739:9577): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10813 comm="syz.3.1395" exe="/syz-executor" sig=0 arch=40000003 syscall=293 compat=1 ip=0xf707e579 code=0x7ffc0000 [ 215.488909][ T40] audit: type=1326 audit(1751209187.739:9578): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10813 comm="syz.3.1395" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf707e579 code=0x7ffc0000 [ 215.495747][ T40] audit: type=1326 audit(1751209187.739:9579): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10813 comm="syz.3.1395" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf707e579 code=0x7ffc0000 [ 215.502525][ T40] audit: type=1326 audit(1751209187.739:9580): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10813 comm="syz.3.1395" exe="/syz-executor" sig=0 arch=40000003 syscall=4 compat=1 ip=0xf707e579 code=0x7ffc0000 [ 215.509858][ T40] audit: type=1326 audit(1751209187.739:9581): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10813 comm="syz.3.1395" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf707e579 code=0x7ffc0000 [ 215.516776][ T40] audit: type=1326 audit(1751209187.739:9582): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10813 comm="syz.3.1395" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf707e579 code=0x7ffc0000 [ 215.523289][ T40] audit: type=1326 audit(1751209187.739:9583): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10813 comm="syz.3.1395" exe="/syz-executor" sig=0 arch=40000003 syscall=425 compat=1 ip=0xf707e579 code=0x7ffc0000 [ 215.529890][ T40] audit: type=1326 audit(1751209187.739:9584): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10813 comm="syz.3.1395" exe="/syz-executor" sig=0 arch=40000003 syscall=192 compat=1 ip=0xf707e579 code=0x7ffc0000 [ 215.536605][ T40] audit: type=1326 audit(1751209187.739:9585): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10813 comm="syz.3.1395" exe="/syz-executor" sig=0 arch=40000003 syscall=192 compat=1 ip=0xf707e579 code=0x7ffc0000 [ 216.601230][ T1334] hid-generic 0000:0000:0000.0006: unknown main item tag 0x0 [ 216.669798][ T1334] hid-generic 0000:0000:0000.0006: hidraw1: HID v0.00 Device [syz1] on syz0 [ 216.702681][T10852] fido_id[10852]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 217.200402][T10858] team0: Mode changed to "roundrobin" [ 217.204661][T10858] tipc: Enabled bearer , priority 0 [ 217.413042][T10876] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1412'. [ 218.891216][T10921] netlink: 'syz.1.1425': attribute type 21 has an invalid length. [ 218.922698][T10923] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 218.925398][T10923] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 218.927971][T10923] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 218.931322][T10923] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 218.934239][T10923] geneve2: entered promiscuous mode [ 218.936485][T10923] geneve2: entered allmulticast mode [ 218.940180][T10923] netdevsim netdevsim1 eth0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 218.942979][T10923] netdevsim netdevsim1 eth1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 218.946572][T10923] netdevsim netdevsim1 eth2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 218.949168][T10923] netdevsim netdevsim1 eth3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 219.734921][T10951] binder: 10950:10951 ioctl c0046209 0 returned -22 [ 220.160557][T10982] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1445'. [ 221.019358][ T40] kauditd_printk_skb: 15 callbacks suppressed [ 221.019369][ T40] audit: type=1326 audit(1751209193.279:9601): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10985 comm="syz.3.1447" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf707e579 code=0x7ffc0000 [ 221.029384][ T40] audit: type=1326 audit(1751209193.279:9602): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10985 comm="syz.3.1447" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf707e579 code=0x7ffc0000 [ 222.380956][T11055] netlink: 64 bytes leftover after parsing attributes in process `syz.1.1465'. [ 222.383885][T11055] tipc: Invalid UDP bearer configuration [ 222.383912][T11055] tipc: Enabling of bearer rejected, failed to enable media [ 222.457285][T11059] siw: device registration error -23 [ 223.726463][T11082] hsr_slave_0: hsr_addr_subst_dest: Unknown node [ 223.729173][T11082] hsr_slave_1: hsr_addr_subst_dest: Unknown node [ 224.068145][T11093] fuse: Unknown parameter 'group_d' [ 225.736541][T11119] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1485'. [ 225.852686][T11135] 9pnet_virtio: no channels available for device syz [ 226.619843][ T40] audit: type=1800 audit(1751209198.879:9603): pid=11147 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.1492" name="nullb0" dev="tmpfs" ino=2142 res=0 errno=0 [ 228.431545][T11191] lo speed is unknown, defaulting to 1000 [ 228.435548][T11191] lo speed is unknown, defaulting to 1000 [ 228.564683][ T40] audit: type=1326 audit(1751209200.819:9604): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11186 comm="syz.0.1504" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf70ce579 code=0x0 [ 228.683301][T11197] set match dimension is over the limit! [ 228.797272][T11203] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1508'. [ 228.807991][T11203] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1508'. [ 229.311907][T11219] lo speed is unknown, defaulting to 1000 [ 229.315426][T11219] lo speed is unknown, defaulting to 1000 [ 229.899366][T11231] Dead loop on virtual device ip6_vti0, fix it urgently! [ 229.902053][T11231] Dead loop on virtual device ip6_vti0, fix it urgently! [ 229.912339][T11231] Dead loop on virtual device ip6_vti0, fix it urgently! [ 229.920548][T11231] Dead loop on virtual device ip6_vti0, fix it urgently! [ 229.923165][T11231] Dead loop on virtual device ip6_vti0, fix it urgently! [ 229.925698][T11231] Dead loop on virtual device ip6_vti0, fix it urgently! [ 229.955405][T11231] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1515'. [ 229.982475][T11237] netlink: 'syz.1.1517': attribute type 1 has an invalid length. [ 230.068024][T11246] netlink: 216 bytes leftover after parsing attributes in process `syz.2.1521'. [ 230.070845][T11246] netlink: 'syz.2.1521': attribute type 10 has an invalid length. [ 230.073328][T11246] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1521'. [ 233.150307][T11336] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in; [ 233.150307][T11336] program syz.1.1552 not setting count and/or reply_len properly [ 233.843791][T11345] xt_addrtype: output interface limitation not valid in PREROUTING and INPUT [ 234.099599][T11354] tipc: Resetting bearer [ 234.110496][T11354] bond3: (slave veth5): Releasing backup interface [ 234.112566][T11354] veth5: left promiscuous mode [ 234.159875][T11354] team0: Unable to change to the same mode the team is in [ 234.163245][T11354] tipc: Enabling of bearer rejected, already enabled [ 234.285316][ T5955] Bluetooth: hci2: ISO packet for unknown connection handle 0 [ 234.910835][T11376] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1564'. [ 236.100737][T11404] netlink: 32 bytes leftover after parsing attributes in process `syz.1.1575'. [ 236.329501][T11412] netlink: 'syz.1.1576': attribute type 21 has an invalid length. [ 236.360406][T11414] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 236.363165][T11414] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 236.365963][T11414] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 236.368552][T11414] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 236.371156][T11414] geneve2: entered promiscuous mode [ 236.372819][T11414] geneve2: entered allmulticast mode [ 236.376154][T11414] netdevsim netdevsim1 eth0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 236.378783][T11414] netdevsim netdevsim1 eth1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 236.381338][T11414] netdevsim netdevsim1 eth2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 236.383927][T11414] netdevsim netdevsim1 eth3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 237.732846][T11452] bond5: (slave erspan1): Releasing active interface [ 237.735126][T11452] erspan1: left promiscuous mode [ 237.737004][T11452] erspan1: left allmulticast mode [ 237.786375][T11452] team0: Unable to change to the same mode the team is in [ 237.791754][T11452] tipc: Enabling of bearer rejected, already enabled [ 238.291504][T11482] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1598'. [ 239.325417][ T40] audit: type=1326 audit(1751209211.579:9605): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11513 comm="syz.2.1608" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7fb6598 code=0x7ffc0000 [ 239.335334][ T40] audit: type=1326 audit(1751209211.579:9606): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11513 comm="syz.2.1608" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fb6579 code=0x7ffc0000 [ 239.342341][ T40] audit: type=1326 audit(1751209211.579:9607): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11513 comm="syz.2.1608" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7fb6598 code=0x7ffc0000 [ 239.353537][ T40] audit: type=1326 audit(1751209211.579:9608): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11513 comm="syz.2.1608" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7fb6598 code=0x7ffc0000 [ 239.360420][ T40] audit: type=1326 audit(1751209211.579:9609): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11513 comm="syz.2.1608" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fb6579 code=0x7ffc0000 [ 239.367360][ T40] audit: type=1326 audit(1751209211.579:9610): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11513 comm="syz.2.1608" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fb6579 code=0x7ffc0000 [ 239.374248][ T40] audit: type=1326 audit(1751209211.579:9611): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11513 comm="syz.2.1608" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7fb6598 code=0x7ffc0000 [ 239.383646][ T40] audit: type=1326 audit(1751209211.579:9612): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11513 comm="syz.2.1608" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7fb6598 code=0x7ffc0000 [ 239.391052][ T40] audit: type=1326 audit(1751209211.579:9613): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11513 comm="syz.2.1608" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fb6579 code=0x7ffc0000 [ 239.399019][ T40] audit: type=1326 audit(1751209211.579:9614): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11513 comm="syz.2.1608" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7fb6598 code=0x7ffc0000 [ 239.917330][T11525] netlink: 64 bytes leftover after parsing attributes in process `syz.1.1612'. [ 239.920811][T11525] tipc: Invalid UDP bearer configuration [ 239.920848][T11525] tipc: Enabling of bearer rejected, failed to enable media [ 242.847536][T11590] fuse: Bad value for 'fd' [ 242.857709][T11590] lo speed is unknown, defaulting to 1000 [ 242.862533][T11590] lo speed is unknown, defaulting to 1000 [ 244.389370][T11638] set match dimension is over the limit! [ 244.792983][T11642] netlink: 'syz.1.1646': attribute type 1 has an invalid length. [ 244.806257][T11644] 9pnet_fd: Insufficient options for proto=fd [ 245.194939][T11656] netlink: 216 bytes leftover after parsing attributes in process `syz.0.1651'. [ 245.198682][T11656] netlink: 'syz.0.1651': attribute type 10 has an invalid length. [ 245.201975][T11656] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1651'. [ 245.412803][T11658] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1652'. [ 247.633865][T11720] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1674'. [ 247.664915][T11723] [U] [ 247.665969][T11723] [U] [ 247.666870][T11723] [U] [ 247.667747][T11723] [U] [ 247.671950][T11723] [U] [ 247.672879][T11723] [U] [ 247.673773][T11723] [U] [ 247.674659][T11723] [U] [ 247.675912][T11723] [U] [ 247.676808][T11723] [U] [ 247.677701][T11723] [U] [ 247.678582][T11723] [U] [ 247.679466][T11723] [U] [ 247.680347][T11723] [U] [ 247.681232][T11723] [U] [ 247.682150][T11723] [U] [ 247.683104][T11723] [U] [ 247.684058][T11723] [U] [ 247.684947][T11723] [U] [ 247.685846][T11723] [U] [ 247.687258][T11723] [U] [ 247.688151][T11723] [U] [ 247.689035][T11723] [U] [ 247.689926][T11723] [U] [ 247.690986][T11723] [U] [ 247.691954][T11723] [U] [ 247.692838][T11723] [U] [ 247.693749][T11723] [U] [ 247.698581][T11723] [U] [ 247.699500][T11723] [U] [ 247.700387][T11723] [U] [ 247.701293][T11723] [U] [ 247.702204][T11723] [U] [ 247.703088][T11723] [U] [ 247.703971][T11723] [U] [ 247.704864][T11723] [U] [ 247.713412][T11723] [U] [ 247.714328][T11723] [U] [ 247.715263][T11723] [U] [ 247.716162][T11723] [U] [ 247.721260][T11723] [U] [ 247.722178][T11723] [U] [ 247.723063][T11723] [U] [ 247.723959][T11723] [U] [ 247.737050][T11723] [U] [ 247.738030][T11723] [U] [ 247.739114][T11723] [U] [ 247.740012][T11723] [U] [ 247.741944][T11723] [U] [ 247.742893][T11723] [U] [ 247.743788][T11723] [U] [ 247.744718][T11723] [U] [ 247.825411][T11722] [U] [ 247.902356][ T40] kauditd_printk_skb: 32 callbacks suppressed [ 247.902369][ T40] audit: type=1326 audit(1751209220.159:9647): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11739 comm="syz.1.1679" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf705e579 code=0x7ffc0000 [ 247.912093][ T40] audit: type=1326 audit(1751209220.159:9648): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11739 comm="syz.1.1679" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf705e579 code=0x7ffc0000 [ 247.989019][T11752] tipc: Invalid UDP bearer configuration [ 247.989046][T11752] tipc: Enabling of bearer rejected, failed to enable media [ 248.812708][T11785] netlink: 47 bytes leftover after parsing attributes in process `syz.3.1696'. [ 249.383079][T11801] xt_CT: You must specify a L4 protocol and not use inversions on it [ 250.401240][ T40] audit: type=1326 audit(1751209222.659:9649): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11825 comm="syz.3.1709" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf707e579 code=0x0 [ 250.570594][T11829] set match dimension is over the limit! [ 251.136113][T11863] netlink: 48 bytes leftover after parsing attributes in process `syz.3.1720'. [ 251.143883][ T40] audit: type=1326 audit(1751209223.399:9650): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11862 comm="syz.3.1720" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf707e579 code=0x0 [ 251.709136][T11876] team0: Unable to change to the same mode the team is in [ 251.712208][T11876] tipc: Enabling of bearer rejected, already enabled [ 251.850811][T11889] geneve3: entered promiscuous mode [ 251.852522][T11889] geneve3: entered allmulticast mode [ 253.215849][T11927] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1742'. [ 253.892682][T11944] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 253.897809][T11944] A link change request failed with some changes committed already. Interface batadv0 may have been left with an inconsistent configuration, please check. [ 253.996237][T11949] tipc: Enabling of bearer rejected, already enabled [ 255.124477][ T1419] ieee802154 phy0 wpan0: encryption failed: -22 [ 255.127152][ T1419] ieee802154 phy1 wpan1: encryption failed: -22 [ 255.832117][T11988] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 255.892273][T11990] netlink: 'syz.1.1760': attribute type 1 has an invalid length. [ 255.914302][T11988] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 255.993560][T11988] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 256.069270][T11988] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 256.139839][T11988] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 256.148471][T11988] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 256.158597][T11988] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 256.166436][T11988] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 256.667674][T12003] netlink: 216 bytes leftover after parsing attributes in process `syz.2.1765'. [ 256.670524][T12003] netlink: 64 bytes leftover after parsing attributes in process `syz.2.1765'. [ 256.673414][T12003] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1765'. [ 257.165277][ T53] usb 6-1: new high-speed USB device number 7 using dummy_hcd [ 257.328600][ T53] usb 6-1: config 27 has an invalid descriptor of length 0, skipping remainder of the config [ 257.333082][ T53] usb 6-1: config 27 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 2 [ 257.338704][ T53] usb 6-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 257.342480][ T53] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 257.358048][ T53] usb 6-1: Quirk or no altset; falling back to MIDI 1.0 [ 257.388456][ T53] snd-usb-audio 6-1:27.0: probe with driver snd-usb-audio failed with error -2 [ 257.406474][ T6925] udevd[6925]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb6/6-1/6-1:27.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 258.069275][T12025] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 258.072940][T12025] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 258.307535][T12037] netlink: 180 bytes leftover after parsing attributes in process `syz.0.1776'. [ 258.413143][T12038] lo speed is unknown, defaulting to 1000 [ 258.422365][T12038] lo speed is unknown, defaulting to 1000 [ 259.166051][ T2301] usb 6-1: USB disconnect, device number 7 [ 259.204498][T12065] ksmbd: Daemon and kernel module version mismatch. ksmbd: 124, kernel module: 1. User-space ksmbd should terminate. [ 259.350376][T12068] xt_CT: You must specify a L4 protocol and not use inversions on it [ 260.025806][T12091] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1793'. [ 260.047498][T12095] tipc: Invalid UDP bearer configuration [ 260.047542][T12095] tipc: Enabling of bearer rejected, failed to enable media [ 260.087045][ T5955] Bluetooth: hci2: command 0x0406 tx timeout [ 260.087089][ T63] Bluetooth: hci1: command 0x0406 tx timeout [ 260.131191][T12104] netlink: 'syz.1.1799': attribute type 1 has an invalid length. [ 260.597144][T12128] netlink: 216 bytes leftover after parsing attributes in process `syz.2.1805'. [ 260.599970][T12128] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1805'. [ 260.602757][T12128] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1805'. [ 260.713345][T12130] kvm: kvm [12129]: vcpu1, guest rIP: 0xfff0 Unhandled WRMSR(0xc0010015) = 0x98b5 [ 260.716718][T12130] netlink: 72 bytes leftover after parsing attributes in process `syz.2.1806'. [ 260.720369][T12130] netlink: 36 bytes leftover after parsing attributes in process `syz.2.1806'. [ 261.750994][ T40] audit: type=1326 audit(1751209234.009:9651): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12154 comm="syz.0.1815" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf70ce579 code=0x0 [ 261.882697][T12167] set match dimension is over the limit! [ 262.798716][T12178] netlink: 'syz.2.1823': attribute type 21 has an invalid length. [ 263.006411][T12187] tmpfs: Bad value for 'mpol' [ 263.240099][T12194] netlink: 180 bytes leftover after parsing attributes in process `syz.0.1828'. [ 263.351212][T12195] lo speed is unknown, defaulting to 1000 [ 263.359751][T12195] lo speed is unknown, defaulting to 1000 [ 263.852541][ T63] Bluetooth: hci1: Malformed Event: 0x02 [ 263.854683][ T63] Bluetooth: hci1: ACL packet for unknown connection handle 200 [ 263.948776][T12211] syz.2.1835 (12211): /proc/12210/oom_adj is deprecated, please use /proc/12210/oom_score_adj instead. [ 263.957996][T12214] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1836'. [ 263.987780][ T40] audit: type=1326 audit(1751209236.249:9652): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12217 comm="syz.2.1838" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf7fb6579 code=0x0 [ 264.100512][T12227] MTD: Attempt to mount non-MTD device "/dev/sr0" [ 264.154130][T12232] MTD: Attempt to mount non-MTD device "/dev/sr0" [ 264.164640][T12229] netlink: 'syz.1.1842': attribute type 2 has an invalid length. [ 264.169545][T12229] netlink: 'syz.1.1842': attribute type 1 has an invalid length. [ 264.287337][T12227] /dev/sr0: Can't open blockdev [ 264.386011][T12232] /dev/sr0: Can't open blockdev [ 264.857376][T12250] tipc: Invalid UDP bearer configuration [ 264.857404][T12250] tipc: Enabling of bearer rejected, failed to enable media [ 264.922108][T12256] netlink: 'syz.2.1851': attribute type 1 has an invalid length. [ 265.550229][T12284] team0: Unable to change to the same mode the team is in [ 265.553772][T12284] tipc: Enabling of bearer rejected, already enabled [ 265.587257][T12288] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 265.589850][T12288] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 265.592405][T12288] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 265.594935][T12288] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 265.598341][T12288] geneve2: entered promiscuous mode [ 265.600033][T12288] geneve2: entered allmulticast mode [ 265.603033][T12288] netdevsim netdevsim1 eth0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 265.606037][T12288] netdevsim netdevsim1 eth1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 265.608670][T12288] netdevsim netdevsim1 eth2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 265.611297][T12288] netdevsim netdevsim1 eth3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 266.284345][T12301] netlink: 56 bytes leftover after parsing attributes in process `syz.2.1868'. [ 266.829737][T12317] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1873'. [ 267.268275][T12325] tipc: Resetting bearer [ 269.010628][T12374] overlayfs: failed to resolve './file0': -2 [ 269.525333][T12384] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1897'. [ 269.689833][T12397] tipc: Enabling of bearer rejected, failed to enable media [ 269.957613][T12410] netlink: 'syz.2.1907': attribute type 1 has an invalid length. [ 269.968635][T12410] 8021q: adding VLAN 0 to HW filter on device bond4 [ 270.156216][T12423] ?H: renamed from lo (while UP) [ 270.349513][T12430] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 270.352112][T12430] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 270.354751][T12430] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 270.357484][T12430] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 270.360232][T12430] geneve2: entered promiscuous mode [ 270.361895][T12430] geneve2: entered allmulticast mode [ 270.364776][T12430] netdevsim netdevsim1 eth0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 270.367810][T12430] netdevsim netdevsim1 eth1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 270.370409][T12430] netdevsim netdevsim1 eth2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 270.372975][T12430] netdevsim netdevsim1 eth3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 271.517377][T12465] overlayfs: failed to clone upperpath [ 272.555210][ T40] audit: type=1800 audit(1751209244.809:9653): pid=12494 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.1933" name="SYSV00000000" dev="tmpfs" ino=0 res=0 errno=0 [ 272.611588][T12502] netlink: 'syz.1.1935': attribute type 21 has an invalid length. [ 274.026462][T12532] ?H speed is unknown, defaulting to 1000 [ 274.031702][T12532] lo speed is unknown, defaulting to 1000 [ 274.207443][T12537] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1946'. [ 275.417201][T12568] tipc: Enabling of bearer rejected, failed to enable media [ 275.637251][T12577] netlink: 180 bytes leftover after parsing attributes in process `syz.3.1956'. [ 275.816767][T12581] ?H speed is unknown, defaulting to 1000 [ 275.824146][T12581] lo speed is unknown, defaulting to 1000 [ 276.056718][T12578] bridge5: entered promiscuous mode [ 276.096605][T12578] 9pnet: Could not find request transport: fd0xffffffffffffffff [ 276.442085][T12598] netlink: 216 bytes leftover after parsing attributes in process `syz.2.1963'. [ 276.444944][T12598] netlink: 64 bytes leftover after parsing attributes in process `syz.2.1963'. [ 276.448084][T12598] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1963'. [ 276.946962][T12615] overlayfs: failed to clone upperpath [ 277.017608][T12627] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1972'. [ 277.507508][T12641] tipc: Resetting bearer [ 278.047679][T12653] 9pnet_virtio: no channels available for device syz [ 278.571016][T12669] netlink: 'syz.1.1984': attribute type 21 has an invalid length. [ 278.850822][ T8117] Bluetooth: hci4: Frame reassembly failed (-84) [ 279.022516][T12680] vlan2: entered allmulticast mode [ 279.024185][T12680] bridge_slave_0: entered allmulticast mode [ 280.397933][T12705] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1997'. [ 280.875302][ T5955] Bluetooth: hci4: command 0x1003 tx timeout [ 280.875471][ T63] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 281.030502][T12720] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2001'. [ 281.283560][ T40] audit: type=1326 audit(1751209253.539:9654): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12717 comm="syz.2.2003" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7fb6579 code=0x0 [ 281.394183][T12727] set match dimension is over the limit! [ 281.604119][T12730] netlink: 'syz.3.2005': attribute type 1 has an invalid length. [ 281.618078][T12730] bond4: entered promiscuous mode [ 281.619960][T12730] 8021q: adding VLAN 0 to HW filter on device bond4 [ 281.661129][T12730] bond4: (slave veth5): making interface the new active one [ 281.665367][T12730] veth5: entered promiscuous mode [ 281.668768][T12730] bond4: (slave veth5): Enslaving as an active interface with an up link [ 281.921999][T12748] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 281.924721][T12748] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 281.927901][T12748] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 281.930442][T12748] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 281.933180][T12748] geneve2: entered promiscuous mode [ 281.935124][T12748] geneve2: entered allmulticast mode [ 281.939691][T12748] netdevsim netdevsim3 eth0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 281.942311][T12748] netdevsim netdevsim3 eth1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 281.945017][T12748] netdevsim netdevsim3 eth2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 281.947682][T12748] netdevsim netdevsim3 eth3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 282.100745][T12751] tipc: Resetting bearer [ 282.314407][T12751] team0: Mode changed to "loadbalance" [ 282.322257][T12751] netlink: 'syz.2.2012': attribute type 10 has an invalid length. [ 282.329819][T12751] 8021q: adding VLAN 0 to HW filter on device bond0 [ 282.332186][T12751] team0: Device bond0 failed to register rx_handler [ 282.352969][T12751] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2012'. [ 282.355840][T12751] tipc: Resetting bearer [ 282.413258][T12762] netlink: 180 bytes leftover after parsing attributes in process `syz.1.2016'. [ 282.441449][T12751] tipc: Disabling bearer [ 282.540698][T12762] ?H speed is unknown, defaulting to 1000 [ 282.550222][T12762] lo speed is unknown, defaulting to 1000 [ 282.657684][T12761] netdevsim netdevsim2 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 282.761781][T12761] netdevsim netdevsim2 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 282.855895][T12761] netdevsim netdevsim2 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 282.929673][T12761] netdevsim netdevsim2 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 282.965339][ T840] usb 7-1: new high-speed USB device number 10 using dummy_hcd [ 282.975306][ T5944] usb 5-1: new low-speed USB device number 4 using dummy_hcd [ 283.034335][T12761] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 283.045039][T12761] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 283.053182][T12761] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 283.061831][T12761] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 283.105361][ T840] usb 7-1: device descriptor read/64, error -71 [ 283.185238][ T5944] usb 5-1: Invalid ep0 maxpacket: 16 [ 283.315364][ T5944] usb 5-1: new low-speed USB device number 5 using dummy_hcd [ 283.365303][ T840] usb 7-1: new high-speed USB device number 11 using dummy_hcd [ 283.465932][ T5944] usb 5-1: Invalid ep0 maxpacket: 16 [ 283.468429][ T5944] usb usb5-port1: attempt power cycle [ 283.494335][T12794] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2026'. [ 283.515365][ T840] usb 7-1: device descriptor read/64, error -71 [ 283.635483][ T840] usb usb7-port1: attempt power cycle [ 283.805321][ T5944] usb 5-1: new low-speed USB device number 6 using dummy_hcd [ 283.826575][ T5944] usb 5-1: Invalid ep0 maxpacket: 16 [ 283.955449][ T5944] usb 5-1: new low-speed USB device number 7 using dummy_hcd [ 283.975390][ T840] usb 7-1: new high-speed USB device number 12 using dummy_hcd [ 283.975748][ T5944] usb 5-1: Invalid ep0 maxpacket: 16 [ 283.982600][ T5944] usb usb5-port1: unable to enumerate USB device [ 283.996916][ T840] usb 7-1: device descriptor read/8, error -71 [ 284.245420][ T840] usb 7-1: new high-speed USB device number 13 using dummy_hcd [ 284.275683][ T840] usb 7-1: device descriptor read/8, error -71 [ 284.383729][T12815] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2034'. [ 284.391393][ T840] usb usb7-port1: unable to enumerate USB device [ 285.263859][T12836] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2042'. [ 287.743783][ T40] audit: type=1326 audit(1751209259.999:9655): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12879 comm="syz.0.2055" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf70ce579 code=0x0 [ 288.278855][T12912] tipc: Enabling of bearer rejected, failed to enable media [ 288.505656][T12930] netlink: 'syz.2.2064': attribute type 1 has an invalid length. [ 288.571925][T12930] bond5: entered promiscuous mode [ 288.574169][T12930] 8021q: adding VLAN 0 to HW filter on device bond5 [ 288.774202][T12934] bond5: (slave veth7): making interface the new active one [ 288.786465][T12934] veth7: entered promiscuous mode [ 288.788621][T12934] bond5: (slave veth7): Enslaving as an active interface with an up link [ 289.344653][T12943] 9pnet_fd: Insufficient options for proto=fd [ 289.348144][T12944] 9pnet_fd: Insufficient options for proto=fd [ 289.404258][T12949] bond5: (slave veth7): Releasing backup interface [ 289.406877][T12949] veth7: left promiscuous mode [ 289.604212][T12949] tipc: Enabling of bearer rejected, failed to enable media [ 289.738796][T12968] netlink: 32 bytes leftover after parsing attributes in process `syz.3.2075'. [ 289.856180][T12975] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2079'. [ 290.422369][T12996] tipc: Resetting bearer [ 290.979050][T13007] kvm: pic: single mode not supported [ 290.981362][T13007] kvm: pic: single mode not supported [ 290.983692][T13007] kvm: pic: single mode not supported [ 290.986187][T13007] kvm: pic: single mode not supported [ 290.988469][T13007] kvm: pic: single mode not supported [ 290.990622][T13007] kvm: pic: single mode not supported [ 290.992787][T13007] kvm: pic: single mode not supported [ 290.994941][T13007] kvm: pic: single mode not supported [ 290.997641][T13007] kvm: pic: single mode not supported [ 290.999782][T13007] kvm: pic: single mode not supported [ 291.317455][T13023] netlink: 56 bytes leftover after parsing attributes in process `syz.3.2095'. [ 291.429223][T13024] ?H speed is unknown, defaulting to 1000 [ 291.437633][T13024] lo speed is unknown, defaulting to 1000 [ 291.767586][T13030] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2097'. [ 292.116690][T13039] nfs4: Bad value for 'source' [ 292.134461][T13042] 9pnet_virtio: no channels available for device syz [ 292.750809][T13064] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2106'. [ 292.803005][T13066] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2107'. [ 293.017703][ T40] audit: type=1326 audit(1751209265.279:9656): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13089 comm="syz.3.2118" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf707e579 code=0x0 [ 293.311295][T13109] tipc: Enabling of bearer rejected, failed to enable media [ 293.753223][ T40] audit: type=1326 audit(1751209266.009:9657): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13114 comm="syz.0.2125" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf70ce579 code=0x0 [ 293.877496][T13118] x_tables: ip_tables: hashlimit.1 match: invalid size 56 (kernel) != (user) 616 [ 294.090429][T13133] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2132'. [ 294.300863][T13145] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2137'. [ 294.457292][T13149] netlink: 'syz.1.2139': attribute type 27 has an invalid length. [ 294.459900][T13149] vlan0: left promiscuous mode [ 294.462230][T13150] netlink: 'syz.1.2139': attribute type 27 has an invalid length. [ 294.467540][T13149] bond5: left promiscuous mode [ 294.469110][T13149] bond5: left allmulticast mode [ 294.819578][T13163] @: renamed from vlan0 [ 294.951879][T13167] netlink: 56 bytes leftover after parsing attributes in process `syz.0.2143'. [ 295.136808][T13168] ?H speed is unknown, defaulting to 1000 [ 295.145691][T13168] lo speed is unknown, defaulting to 1000 [ 295.380139][T13177] overlayfs: failed to clone upperpath [ 295.411171][T13179] ref_ctr_offset mismatch. inode: 0xc40 offset: 0x0 ref_ctr_offset(old): 0x0 ref_ctr_offset(new): 0x4 [ 296.106044][T13207] netlink: 'syz.2.2159': attribute type 21 has an invalid length. [ 296.209171][T13209] siw: device registration error -23 [ 296.587024][ T5955] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 296.591306][ T5955] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 296.594863][ T5955] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 296.598017][ T5955] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 296.600693][ T5955] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 296.620443][T13221] ?H speed is unknown, defaulting to 1000 [ 296.625270][T13221] lo speed is unknown, defaulting to 1000 [ 296.702410][T13221] chnl_net:caif_netlink_parms(): no params data found [ 297.012851][T13221] bridge0: port 1(bridge_slave_0) entered blocking state [ 297.015293][T13221] bridge0: port 1(bridge_slave_0) entered disabled state [ 297.017840][T13221] bridge_slave_0: entered allmulticast mode [ 297.023906][T13221] bridge_slave_0: entered promiscuous mode [ 297.035941][T13221] bridge0: port 2(bridge_slave_1) entered blocking state [ 297.037917][T13235] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2167'. [ 297.038528][T13221] bridge0: port 2(bridge_slave_1) entered disabled state [ 297.044816][T13221] bridge_slave_1: entered allmulticast mode [ 297.050938][T13221] bridge_slave_1: entered promiscuous mode [ 297.088850][T13221] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 297.093785][T13221] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 297.144039][T13221] team0: Port device team_slave_0 added [ 297.147947][T13221] team0: Port device team_slave_1 added [ 297.195476][T13221] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 297.206439][T13221] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 297.216428][T13240] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2165'. [ 297.222003][T13221] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 297.432826][T13250] 9pnet: Unknown protocol version 9p20\++} [ 297.478300][T13221] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 297.480523][T13221] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 297.491470][T13221] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 297.611529][T13221] hsr_slave_0: entered promiscuous mode [ 297.613794][T13221] hsr_slave_1: entered promiscuous mode [ 297.616685][T13221] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 297.619140][T13221] Cannot create hsr debugfs directory [ 298.083879][T13221] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 298.090333][T13221] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 298.094719][T13221] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 298.099715][T13221] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 298.155308][T13221] 8021q: adding VLAN 0 to HW filter on device bond0 [ 298.166269][T13221] 8021q: adding VLAN 0 to HW filter on device team0 [ 298.171317][ T46] bridge0: port 1(bridge_slave_0) entered blocking state [ 298.173694][ T46] bridge0: port 1(bridge_slave_0) entered forwarding state [ 298.184491][ T1183] bridge0: port 2(bridge_slave_1) entered blocking state [ 298.186851][ T1183] bridge0: port 2(bridge_slave_1) entered forwarding state [ 298.332947][T13221] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 298.366152][T13221] veth0_vlan: entered promiscuous mode [ 298.373196][T13221] veth1_vlan: entered promiscuous mode [ 298.389521][T13221] veth0_macvtap: entered promiscuous mode [ 298.393398][T13221] veth1_macvtap: entered promiscuous mode [ 298.403744][T13221] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 298.409698][T13221] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 298.417264][T13221] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 298.419990][T13221] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 298.422768][T13221] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 298.425807][T13221] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 298.482323][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 298.489296][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 298.505377][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 298.508491][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 298.565061][ T840] IPVS: starting estimator thread 0... [ 298.637663][ T63] Bluetooth: hci4: command tx timeout [ 298.666713][T13276] IPVS: using max 44 ests per chain, 105600 per kthread [ 299.422927][T13287] tipc: Enabling of bearer rejected, already enabled [ 299.529609][T13294] geneve3: entered promiscuous mode [ 299.531312][T13294] geneve3: entered allmulticast mode [ 299.548708][T13296] binder: 13295:13296 ioctl c0306201 80000240 returned -11 [ 299.819555][T13323] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2185'. [ 300.427705][T13318] netdevsim netdevsim0 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 300.430538][T13318] netdevsim netdevsim0 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 300.433330][T13318] netdevsim netdevsim0 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 300.436813][T13318] netdevsim netdevsim0 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 300.487758][T13318] netdevsim netdevsim0 netdevsim0: unset [0, 0] type 1 family 0 port 8472 - 0 [ 300.490714][T13318] netdevsim netdevsim0 netdevsim1: unset [0, 0] type 1 family 0 port 8472 - 0 [ 300.493463][T13318] netdevsim netdevsim0 netdevsim2: unset [0, 0] type 1 family 0 port 8472 - 0 [ 300.496600][T13318] netdevsim netdevsim0 netdevsim3: unset [0, 0] type 1 family 0 port 8472 - 0 [ 300.501642][T13318] tipc: Resetting bearer [ 300.572006][T13329] overlayfs: failed to resolve './file1': -2 [ 300.590604][T13326] netlink: 'syz.3.2187': attribute type 1 has an invalid length. [ 300.669244][T13337] team0: Unable to change to the same mode the team is in [ 300.672761][T13337] tipc: Enabling of bearer rejected, already enabled [ 300.714164][T13351] netlink: 216 bytes leftover after parsing attributes in process `syz.0.2196'. [ 300.717279][ T63] Bluetooth: hci4: command tx timeout [ 300.719593][T13351] netlink: 'syz.0.2196': attribute type 10 has an invalid length. [ 300.722633][T13351] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2196'. [ 301.055395][ T6029] usb 5-1: new high-speed USB device number 8 using dummy_hcd [ 301.205869][ T6029] usb 5-1: no configurations [ 301.207668][ T6029] usb 5-1: can't read configurations, error -22 [ 301.335278][ T6029] usb 5-1: new high-speed USB device number 9 using dummy_hcd [ 301.495659][ T6029] usb 5-1: no configurations [ 301.497610][ T6029] usb 5-1: can't read configurations, error -22 [ 301.500343][ T6029] usb usb5-port1: attempt power cycle [ 301.835398][ T6029] usb 5-1: new high-speed USB device number 10 using dummy_hcd [ 301.856048][ T6029] usb 5-1: no configurations [ 301.857414][ T6029] usb 5-1: can't read configurations, error -22 [ 301.871499][T13385] netlink: 56 bytes leftover after parsing attributes in process `syz.1.2209'. [ 301.883153][T13385] ?H speed is unknown, defaulting to 1000 [ 301.886467][T13385] lo speed is unknown, defaulting to 1000 [ 301.985300][ T6029] usb 5-1: new high-speed USB device number 11 using dummy_hcd [ 302.006164][ T6029] usb 5-1: no configurations [ 302.007530][ T6029] usb 5-1: can't read configurations, error -22 [ 302.009548][ T6029] usb usb5-port1: unable to enumerate USB device [ 302.795275][ T63] Bluetooth: hci4: command tx timeout [ 304.037526][T13411] fuse: Bad value for 'rootmode' [ 304.522790][T13419] netlink: 'syz.1.2219': attribute type 21 has an invalid length. [ 304.858627][ T5955] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 304.863443][ T5955] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 304.875340][ T5955] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 304.884319][ T5955] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 304.886787][ T5946] Bluetooth: hci4: command tx timeout [ 304.889672][ T5955] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 304.911436][T13430] ?H speed is unknown, defaulting to 1000 [ 304.914910][T13430] lo speed is unknown, defaulting to 1000 [ 305.033896][T13430] chnl_net:caif_netlink_parms(): no params data found [ 305.128190][T13430] bridge0: port 1(bridge_slave_0) entered blocking state [ 305.130511][T13430] bridge0: port 1(bridge_slave_0) entered disabled state [ 305.132791][T13430] bridge_slave_0: entered allmulticast mode [ 305.135572][T13430] bridge_slave_0: entered promiscuous mode [ 305.143809][T13430] bridge0: port 2(bridge_slave_1) entered blocking state [ 305.146658][T13430] bridge0: port 2(bridge_slave_1) entered disabled state [ 305.149061][T13430] bridge_slave_1: entered allmulticast mode [ 305.152190][T13430] bridge_slave_1: entered promiscuous mode [ 305.198914][T13430] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 305.204782][T13430] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 305.268663][T13430] team0: Port device team_slave_0 added [ 305.273042][T13430] team0: Port device team_slave_1 added [ 305.303030][T13430] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 305.305975][T13430] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 305.313968][T13430] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 305.318478][T13430] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 305.320721][T13430] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 305.329057][T13430] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 305.366432][T13430] hsr_slave_0: entered promiscuous mode [ 305.368711][T13430] hsr_slave_1: entered promiscuous mode [ 305.370766][T13430] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 305.373182][T13430] Cannot create hsr debugfs directory [ 306.104619][ T13] bond0 (unregistering): Released all slaves [ 306.181817][ T13] bond1 (unregistering): Released all slaves [ 306.247523][ T13] bond2 (unregistering): Released all slaves [ 306.321299][ T13] bond3 (unregistering): Released all slaves [ 306.384726][ T13] bond4 (unregistering): Released all slaves [ 306.391185][ T13] bond5 (unregistering): Released all slaves [ 306.520680][ T13] tipc: Disabling bearer [ 306.523436][ T13] tipc: Left network mode [ 306.569630][T13458] openvswitch: netlink: Flow set message rejected, Key attribute missing. [ 306.965246][ T63] Bluetooth: hci3: command tx timeout [ 307.489883][ T13] hsr_slave_0: left promiscuous mode [ 307.492687][ T13] hsr_slave_1: left promiscuous mode [ 308.778175][T13430] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 308.797810][T13430] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 308.807399][T13430] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 308.818954][T13430] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 308.910597][ T2301] IPVS: starting estimator thread 0... [ 308.950790][T13430] 8021q: adding VLAN 0 to HW filter on device bond0 [ 308.970194][T13430] 8021q: adding VLAN 0 to HW filter on device team0 [ 308.980707][ T8120] bridge0: port 1(bridge_slave_0) entered blocking state [ 308.982959][ T8120] bridge0: port 1(bridge_slave_0) entered forwarding state [ 308.997950][ T8120] bridge0: port 2(bridge_slave_1) entered blocking state [ 309.000370][ T8120] bridge0: port 2(bridge_slave_1) entered forwarding state [ 309.005949][T13514] IPVS: using max 43 ests per chain, 103200 per kthread [ 309.035342][ T63] Bluetooth: hci3: command tx timeout [ 309.094606][ T13] IPVS: stop unused estimator thread 0... [ 309.103924][T13430] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 309.129496][T13430] veth0_vlan: entered promiscuous mode [ 309.137090][T13430] veth1_vlan: entered promiscuous mode [ 309.155105][T13430] veth0_macvtap: entered promiscuous mode [ 309.159191][T13430] veth1_macvtap: entered promiscuous mode [ 309.168186][T13430] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 309.173889][T13430] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 309.179247][T13430] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 309.182095][T13430] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 309.184860][T13430] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 309.187697][T13430] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 309.247600][ T1183] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 309.251921][ T1183] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 309.263405][ T8117] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 309.266491][ T8117] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 309.449319][T13546] geneve2: entered promiscuous mode [ 309.450921][T13546] geneve2: entered allmulticast mode [ 309.623654][T13552] netlink: 188 bytes leftover after parsing attributes in process `syz.1.2240'. [ 311.115313][ T63] Bluetooth: hci3: command tx timeout [ 311.666524][T13607] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2258'. [ 311.670999][T13607] 8021q: adding VLAN 0 to HW filter on device team0 [ 311.673410][T13607] tipc: Resetting bearer [ 311.738078][ T9] usb 6-1: new low-speed USB device number 8 using dummy_hcd [ 311.865638][ T9] usb 6-1: device descriptor read/64, error -71 [ 312.115235][ T9] usb 6-1: new low-speed USB device number 9 using dummy_hcd [ 312.355266][ T9] usb 6-1: device descriptor read/64, error -71 [ 312.465389][ T9] usb usb6-port1: attempt power cycle [ 312.805452][ T9] usb 6-1: new low-speed USB device number 10 using dummy_hcd [ 312.825752][ T9] usb 6-1: device descriptor read/8, error -71 [ 313.095469][ T9] usb 6-1: new low-speed USB device number 11 using dummy_hcd [ 313.117002][ T9] usb 6-1: device descriptor read/8, error -71 [ 313.197306][ T63] Bluetooth: hci3: command tx timeout [ 313.226305][ T9] usb usb6-port1: unable to enumerate USB device [ 314.966272][T13697] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2280'. [ 314.979500][T13691] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 314.982037][T13691] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 314.984135][T13691] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 314.991146][T13691] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 314.998731][T13691] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 315.002342][T13691] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 315.019995][T13691] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 315.178396][T13702] tipc: Resetting bearer [ 315.233908][T13705] team0: Unable to change to the same mode the team is in [ 315.239657][T13705] tipc: Enabling of bearer rejected, already enabled [ 316.260210][T13718] netlink: 'syz.2.2285': attribute type 1 has an invalid length. [ 316.270932][T13718] bond6: entered promiscuous mode [ 316.273162][T13718] 8021q: adding VLAN 0 to HW filter on device bond6 [ 316.287149][ T63] Bluetooth: hci4: unexpected event for opcode 0x202f [ 316.305109][T13718] bond6: (slave veth9): making interface the new active one [ 316.310078][T13718] veth9: entered promiscuous mode [ 316.312294][T13718] bond6: (slave veth9): Enslaving as an active interface with an up link [ 316.558068][ T1419] ieee802154 phy0 wpan0: encryption failed: -22 [ 316.560186][ T1419] ieee802154 phy1 wpan1: encryption failed: -22 [ 316.955285][ T63] Bluetooth: hci1: command 0x0406 tx timeout [ 317.035277][ T63] Bluetooth: hci3: command 0x0c1a tx timeout [ 318.582608][T13751] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2296'. [ 318.619484][T13754] netlink: 'syz.0.2297': attribute type 1 has an invalid length. [ 318.621908][T13754] netlink: 224 bytes leftover after parsing attributes in process `syz.0.2297'. [ 319.115280][ T63] Bluetooth: hci3: command 0x0c1a tx timeout [ 319.394572][T13777] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2304'. [ 319.399197][T13777] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2304'. [ 320.797372][ T5944] IPVS: starting estimator thread 0... [ 320.897058][T13839] IPVS: using max 44 ests per chain, 105600 per kthread [ 321.000964][T13846] exFAT-fs (nullb0): invalid boot record signature [ 321.003616][T13846] exFAT-fs (nullb0): failed to read boot sector [ 321.008271][T13846] exFAT-fs (nullb0): failed to recognize exfat type [ 321.195276][ T63] Bluetooth: hci3: command 0x0c1a tx timeout [ 321.431549][T13868] netlink: 'syz.1.2333': attribute type 1 has an invalid length. [ 321.434302][T13868] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2333'. [ 322.082887][T13893] xt_CHECKSUM: CHECKSUM should be avoided. If really needed, restrict with "-p udp" and only use in OUTPUT [ 322.145862][T13898] netlink: 156 bytes leftover after parsing attributes in process `syz.2.2342'. [ 322.738794][T13900] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 323.054359][T13931] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2355'. [ 323.125103][T13935] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2356'. [ 323.148333][T13937] netlink: 56 bytes leftover after parsing attributes in process `syz.0.2349'. [ 323.376784][T13950] ?H speed is unknown, defaulting to 1000 [ 323.379539][T13950] lo speed is unknown, defaulting to 1000 [ 323.898470][T13963] xt_TCPMSS: Only works on TCP SYN packets [ 324.033535][T13973] netlink: 40 bytes leftover after parsing attributes in process `syz.1.2367'. [ 324.050796][T13973] Mount JFS Failure: -22 [ 324.053238][T13973] jfs_mount failed w/return code = -22 [ 324.064183][T13975] netlink: 'syz.0.2368': attribute type 21 has an invalid length. [ 324.109690][T13984] binder: BINDER_SET_CONTEXT_MGR already set [ 324.112599][T13984] binder: 13981:13984 ioctl 4018620d 800000c0 returned -16 [ 324.197006][T13995] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2375'. [ 324.206083][T13995] bridge0: port 2(bridge_slave_1) entered disabled state [ 324.209492][T13995] bridge0: port 1(bridge_slave_0) entered disabled state [ 325.074640][T14015] netlink: 'syz.1.2380': attribute type 10 has an invalid length. [ 325.077394][T14015] netlink: 40 bytes leftover after parsing attributes in process `syz.1.2380'. [ 325.098018][T14015] team0: Port device geneve0 added [ 325.148106][T14021] netlink: 216 bytes leftover after parsing attributes in process `syz.2.2382'. [ 325.151041][T14021] netlink: 64 bytes leftover after parsing attributes in process `syz.2.2382'. [ 326.104983][T14058] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 326.466961][T14072] block nbd2: shutting down sockets [ 327.216717][T14111] __nla_validate_parse: 1 callbacks suppressed [ 327.216730][T14111] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2409'. [ 327.254973][T14112] QAT: failed to copy from user cfg_data. [ 327.962325][T14122] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2411'. [ 330.266481][ T5944] usb 5-1: new high-speed USB device number 12 using dummy_hcd [ 330.418573][ T5944] usb 5-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=44.1f [ 330.421418][ T5944] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 330.423871][ T5944] usb 5-1: Product: syz [ 330.425928][ T5944] usb 5-1: Manufacturer: syz [ 330.427392][ T5944] usb 5-1: SerialNumber: syz [ 330.430416][ T5944] usb 5-1: config 0 descriptor?? [ 330.638893][ T6029] usb 5-1: USB disconnect, device number 12 [ 331.443797][T14201] input: syz0 as /devices/virtual/input/input20 [ 333.393831][T14266] netlink: 'syz.1.2454': attribute type 1 has an invalid length. [ 333.448412][T14266] bond1: entered promiscuous mode [ 333.459081][T14266] 8021q: adding VLAN 0 to HW filter on device bond1 [ 333.536718][T14259] bond1: (slave veth3): making interface the new active one [ 333.539166][T14259] veth3: entered promiscuous mode [ 333.542292][T14259] bond1: (slave veth3): Enslaving as an active interface with an up link [ 333.936085][T14288] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2468'. [ 334.073881][ T40] audit: type=1326 audit(1751209306.329:9658): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14280 comm="syz.0.2465" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf70ce579 code=0x0 [ 334.193428][T14296] set match dimension is over the limit! [ 335.387455][T14304] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2473'. [ 335.399972][T14304] 8021q: adding VLAN 0 to HW filter on device team1 [ 335.500759][T14315] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2475'. [ 335.505360][T14315] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2475'. [ 335.792166][ T40] audit: type=1326 audit(1751209308.049:9659): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14314 comm="syz.0.2477" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf70ce579 code=0x0 [ 335.942568][T14326] xt_hashlimit: Unknown mode mask 488, kernel too old? [ 337.773769][T14361] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2489'. [ 337.777679][T14361] bridge0: port 2(bridge_slave_1) entered disabled state [ 337.780144][T14361] bridge0: port 1(bridge_slave_0) entered disabled state [ 338.825494][ T40] audit: type=1326 audit(1751209311.089:9660): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14387 comm="syz.2.2499" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fb6579 code=0x7ffc0000 [ 338.832373][ T40] audit: type=1326 audit(1751209311.089:9661): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14387 comm="syz.2.2499" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fb6579 code=0x7ffc0000 [ 338.839150][ T40] audit: type=1326 audit(1751209311.089:9662): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14387 comm="syz.2.2499" exe="/syz-executor" sig=0 arch=40000003 syscall=433 compat=1 ip=0xf7fb6579 code=0x7ffc0000 [ 338.845858][ T40] audit: type=1326 audit(1751209311.089:9663): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14387 comm="syz.2.2499" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fb6579 code=0x7ffc0000 [ 338.852465][ T40] audit: type=1326 audit(1751209311.089:9664): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14387 comm="syz.2.2499" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fb6579 code=0x7ffc0000 [ 338.861393][ T40] audit: type=1326 audit(1751209311.089:9665): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14387 comm="syz.2.2499" exe="/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf7fb6579 code=0x7ffc0000 [ 338.869454][ T40] audit: type=1326 audit(1751209311.089:9666): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14387 comm="syz.2.2499" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fb6579 code=0x7ffc0000 [ 338.876402][ T40] audit: type=1326 audit(1751209311.089:9667): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14387 comm="syz.2.2499" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fb6579 code=0x7ffc0000 [ 338.943357][T14393] gfs2: Unknown parameter 'barrierm' [ 339.568009][T14411] netlink: 'syz.0.2507': attribute type 2 has an invalid length. [ 339.570421][T14411] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2507'. [ 339.641239][T14415] ?H speed is unknown, defaulting to 1000 [ 339.644189][T14415] lo speed is unknown, defaulting to 1000 [ 339.712558][T14418] tipc: Resetting bearer [ 339.767653][T14421] team0: Unable to change to the same mode the team is in [ 339.770485][T14421] tipc: Enabling of bearer rejected, already enabled [ 340.451799][ T5955] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 340.456531][ T5955] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 340.459606][ T5955] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 340.463895][ T5955] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 340.466874][ T5955] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 340.491010][T14436] ?H speed is unknown, defaulting to 1000 [ 340.493741][T14436] lo speed is unknown, defaulting to 1000 [ 340.586084][ T1183] netdevsim netdevsim2 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 340.609653][T14436] chnl_net:caif_netlink_parms(): no params data found [ 340.655014][ T1183] netdevsim netdevsim2 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 340.699836][T14436] bridge0: port 1(bridge_slave_0) entered blocking state [ 340.702551][T14436] bridge0: port 1(bridge_slave_0) entered disabled state [ 340.704785][T14436] bridge_slave_0: entered allmulticast mode [ 340.714776][T14436] bridge_slave_0: entered promiscuous mode [ 340.720107][T14436] bridge0: port 2(bridge_slave_1) entered blocking state [ 340.722517][T14436] bridge0: port 2(bridge_slave_1) entered disabled state [ 340.724913][T14436] bridge_slave_1: entered allmulticast mode [ 340.731953][T14436] bridge_slave_1: entered promiscuous mode [ 340.773443][ T1183] netdevsim netdevsim2 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 340.780087][T14436] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 340.784825][T14436] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 340.829775][T14436] team0: Port device team_slave_0 added [ 340.830485][T14449] netlink: 'syz.1.2516': attribute type 1 has an invalid length. [ 340.833632][T14436] team0: Port device team_slave_1 added [ 340.878877][T14449] bond2: entered promiscuous mode [ 340.881384][T14449] 8021q: adding VLAN 0 to HW filter on device bond2 [ 340.940883][ T1183] netdevsim netdevsim2 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 341.016602][T14451] bond2: (slave veth5): making interface the new active one [ 341.019005][T14451] veth5: entered promiscuous mode [ 341.022387][T14451] bond2: (slave veth5): Enslaving as an active interface with an up link [ 341.025517][T14436] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 341.027747][T14436] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 341.036228][T14436] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 341.057886][T14436] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 341.060531][T14436] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 341.068473][T14436] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 341.123321][T14436] hsr_slave_0: entered promiscuous mode [ 341.125863][T14436] hsr_slave_1: entered promiscuous mode [ 341.810614][T14461] netlink: 'syz.3.2519': attribute type 21 has an invalid length. [ 341.867898][ T1183] bond0 (unregistering): Released all slaves [ 341.940750][ T1183] bond1 (unregistering): Released all slaves [ 342.010978][ T1183] bond2 (unregistering): Released all slaves [ 342.086850][ T1183] bond3 (unregistering): Released all slaves [ 342.153855][ T1183] bond4 (unregistering): Released all slaves [ 342.220796][ T1183] bond5 (unregistering): Released all slaves [ 342.293856][ T1183] bond6 (unregistering): (slave veth9): Releasing backup interface [ 342.296566][ T1183] veth9: left promiscuous mode [ 342.300288][ T1183] bond6 (unregistering): Released all slaves [ 342.475297][ T5955] Bluetooth: hci1: command tx timeout [ 342.485964][ T1183] tipc: Disabling bearer [ 342.490163][ T1183] tipc: Left network mode [ 342.590742][T14475] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2521'. [ 342.877916][ T1183] hsr_slave_0: left promiscuous mode [ 342.879979][ T1183] hsr_slave_1: left promiscuous mode [ 342.907461][ T1183] veth1_macvtap: left promiscuous mode [ 342.909420][ T1183] veth0_macvtap: left promiscuous mode [ 342.911193][ T1183] veth1_vlan: left promiscuous mode [ 344.494482][ T60] ?H speed is unknown, defaulting to 1000 [ 344.498910][ T60] infiniband sy: ib_query_port failed (-19) [ 344.555360][ T5955] Bluetooth: hci1: command tx timeout [ 344.644851][T14436] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 344.651088][T14436] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 344.658316][T14436] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 344.663776][T14436] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 344.790070][T14436] 8021q: adding VLAN 0 to HW filter on device bond0 [ 344.800913][T14436] 8021q: adding VLAN 0 to HW filter on device team0 [ 344.807622][ T8120] bridge0: port 1(bridge_slave_0) entered blocking state [ 344.809946][ T8120] bridge0: port 1(bridge_slave_0) entered forwarding state [ 344.825506][ T8120] bridge0: port 2(bridge_slave_1) entered blocking state [ 344.827766][ T8120] bridge0: port 2(bridge_slave_1) entered forwarding state [ 344.862646][ T1183] IPVS: stop unused estimator thread 0... [ 344.944959][T14526] netlink: 256 bytes leftover after parsing attributes in process `syz.3.2527'. [ 344.983667][T14436] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 345.009410][T14436] veth0_vlan: entered promiscuous mode [ 345.015118][T14436] veth1_vlan: entered promiscuous mode [ 345.028885][T14436] veth0_macvtap: entered promiscuous mode [ 345.032585][T14436] veth1_macvtap: entered promiscuous mode [ 345.041335][T14436] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 345.049242][T14436] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 345.053795][T14436] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 345.057281][T14436] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 345.059988][T14436] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 345.062754][T14436] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 345.111210][ T8120] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 345.113661][ T8120] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 345.132629][ T8120] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 345.135052][ T8120] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 345.335460][T14542] ebtables: wrong size: *len 80, entries_size 48, replsz 48 [ 345.337265][ T63] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 345.342763][ T63] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 345.345955][ T63] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 345.348611][ T63] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 345.351144][ T63] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 345.372450][T14540] lo speed is unknown, defaulting to 1000 [ 345.511381][T14540] chnl_net:caif_netlink_parms(): no params data found [ 345.713414][T14540] bridge0: port 1(bridge_slave_0) entered blocking state [ 345.717762][T14540] bridge0: port 1(bridge_slave_0) entered disabled state [ 345.723460][T14540] bridge_slave_0: entered allmulticast mode [ 345.726796][T14540] bridge_slave_0: entered promiscuous mode [ 345.730417][T14540] bridge0: port 2(bridge_slave_1) entered blocking state [ 345.732719][T14540] bridge0: port 2(bridge_slave_1) entered disabled state [ 345.735011][T14540] bridge_slave_1: entered allmulticast mode [ 345.737690][T14540] bridge_slave_1: entered promiscuous mode [ 345.768187][T14540] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 345.772740][T14540] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 345.807331][T14540] team0: Port device team_slave_0 added [ 345.810773][T14540] team0: Port device team_slave_1 added [ 345.847920][T14540] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 345.850600][T14540] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 345.858784][T14540] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 345.865456][T14540] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 345.868354][T14540] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 345.876577][ T60] usb 8-1: new high-speed USB device number 4 using dummy_hcd [ 345.879476][T14540] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 345.939664][T14540] hsr_slave_0: entered promiscuous mode [ 345.942699][T14540] hsr_slave_1: entered promiscuous mode [ 345.945706][T14540] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 345.949890][T14540] Cannot create hsr debugfs directory [ 346.025377][ T60] usb 8-1: Using ep0 maxpacket: 32 [ 346.032535][ T60] usb 8-1: unable to get BOS descriptor or descriptor too short [ 346.036094][ T60] usb 8-1: config 7 has an invalid interface number: 4 but max is 3 [ 346.038712][ T60] usb 8-1: config 7 has an invalid interface number: 72 but max is 3 [ 346.043185][ T60] usb 8-1: config 7 has an invalid interface number: 174 but max is 3 [ 346.048853][ T60] usb 8-1: config 7 has an invalid descriptor of length 0, skipping remainder of the config [ 346.052211][ T60] usb 8-1: config 7 has 3 interfaces, different from the descriptor's value: 4 [ 346.055456][ T60] usb 8-1: config 7 has no interface number 0 [ 346.057409][ T60] usb 8-1: config 7 has no interface number 1 [ 346.059302][ T60] usb 8-1: config 7 has no interface number 2 [ 346.061273][ T60] usb 8-1: config 7 interface 4 altsetting 252 endpoint 0x8E has invalid maxpacket 1024, setting to 64 [ 346.064635][ T60] usb 8-1: config 7 interface 4 altsetting 252 has an endpoint descriptor with address 0x2D, changing to 0xD [ 346.070702][ T60] usb 8-1: config 7 interface 4 altsetting 252 endpoint 0xD has an invalid bInterval 227, changing to 7 [ 346.074113][ T60] usb 8-1: config 7 interface 4 altsetting 252 endpoint 0xD has invalid maxpacket 25884, setting to 1024 [ 346.079476][ T60] usb 8-1: config 7 interface 4 altsetting 252 has a duplicate endpoint with address 0x7, skipping [ 346.083084][ T60] usb 8-1: config 7 interface 4 altsetting 252 has an invalid descriptor for endpoint zero, skipping [ 346.088324][ T60] usb 8-1: config 7 interface 4 altsetting 252 endpoint 0x2 has invalid maxpacket 1632, setting to 64 [ 346.091903][ T60] usb 8-1: config 7 interface 4 altsetting 252 has 8 endpoint descriptors, different from the interface descriptor's value: 13 [ 346.096174][ T60] usb 8-1: too many endpoints for config 7 interface 72 altsetting 164: 246, using maximum allowed: 30 [ 346.099790][ T60] usb 8-1: config 7 interface 72 altsetting 164 endpoint 0xF has invalid maxpacket 1024, setting to 64 [ 346.103344][ T60] usb 8-1: config 7 interface 72 altsetting 164 has an invalid descriptor for endpoint zero, skipping [ 346.108670][ T60] usb 8-1: config 7 interface 72 altsetting 164 endpoint 0xB has invalid maxpacket 1024, setting to 64 [ 346.112179][ T60] usb 8-1: config 7 interface 72 altsetting 164 has a duplicate endpoint with address 0x7, skipping [ 346.116062][ T60] usb 8-1: config 7 interface 72 altsetting 164 has 4 endpoint descriptors, different from the interface descriptor's value: 246 [ 346.120295][ T60] usb 8-1: too many endpoints for config 7 interface 174 altsetting 121: 53, using maximum allowed: 30 [ 346.123768][ T60] usb 8-1: config 7 interface 174 altsetting 121 has a duplicate endpoint with address 0xF, skipping [ 346.127551][ T60] usb 8-1: config 7 interface 174 altsetting 121 has 2 endpoint descriptors, different from the interface descriptor's value: 53 [ 346.131792][ T60] usb 8-1: config 7 interface 4 has no altsetting 0 [ 346.133923][ T60] usb 8-1: config 7 interface 72 has no altsetting 0 [ 346.136124][ T60] usb 8-1: config 7 interface 174 has no altsetting 0 [ 346.139892][ T60] usb 8-1: New USB device found, idVendor=0b3c, idProduct=c001, bcdDevice=57.f5 [ 346.142815][ T60] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 346.145548][ T60] usb 8-1: Product: syz [ 346.146920][ T60] usb 8-1: Manufacturer: ⮻苵邘戡礴ꨠ㗣䐶ⓕꖲ懎䟊⍋꺷셄䛃偟넔⡎䜨舗틉ꡟၜݩ嶲邮ꗥⷁ屻鞬ﬖ䉗濴⊛௥⟷匙꨸ [ 346.152003][ T60] usb 8-1: SerialNumber: syz [ 346.369063][ T60] option 8-1:7.72: GSM modem (1-port) converter detected [ 346.381010][ T60] option 8-1:7.174: GSM modem (1-port) converter detected [ 346.388941][ T60] usb 8-1: USB disconnect, device number 4 [ 346.398811][ T60] option 8-1:7.72: device disconnected [ 346.401532][ T60] option 8-1:7.174: device disconnected [ 346.434242][T14540] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 346.439542][T14570] netdevsim netdevsim2 netdevsim0: entered promiscuous mode [ 346.449847][T14540] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 346.453860][T14540] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 346.458423][T14540] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 346.475820][T14540] bridge0: port 2(bridge_slave_1) entered blocking state [ 346.478094][T14540] bridge0: port 2(bridge_slave_1) entered forwarding state [ 346.480542][T14540] bridge0: port 1(bridge_slave_0) entered blocking state [ 346.482798][T14540] bridge0: port 1(bridge_slave_0) entered forwarding state [ 346.510460][T14540] 8021q: adding VLAN 0 to HW filter on device bond0 [ 346.520191][ T8118] bridge0: port 1(bridge_slave_0) entered disabled state [ 346.524579][ T8118] bridge0: port 2(bridge_slave_1) entered disabled state [ 346.539685][T14540] 8021q: adding VLAN 0 to HW filter on device team0 [ 346.546176][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 346.548468][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 346.553151][ T8117] bridge0: port 2(bridge_slave_1) entered blocking state [ 346.555431][ T8117] bridge0: port 2(bridge_slave_1) entered forwarding state [ 346.577410][T14540] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 346.635591][ T63] Bluetooth: hci1: command tx timeout [ 346.676871][T14540] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 346.703173][T14540] veth0_vlan: entered promiscuous mode [ 346.708864][T14540] veth1_vlan: entered promiscuous mode [ 346.721532][T14540] veth0_macvtap: entered promiscuous mode [ 346.736031][T14540] veth1_macvtap: entered promiscuous mode [ 346.744394][T14540] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 346.785365][T14540] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 346.815598][T14540] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 346.818312][T14540] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 346.821017][T14540] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 346.823721][T14540] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 346.997005][ T8118] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 347.075695][ T8118] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 347.155898][ T1070] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 347.175437][ T1070] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 347.355449][ T63] Bluetooth: hci2: command tx timeout [ 347.729375][ T6029] IPVS: starting estimator thread 0... [ 347.821196][T14621] IPVS: using max 44 ests per chain, 105600 per kthread [ 348.651636][T14647] bridge_slave_0: left allmulticast mode [ 348.653459][T14647] bridge_slave_0: left promiscuous mode [ 348.656021][T14647] bridge0: port 1(bridge_slave_0) entered disabled state [ 348.660157][T14647] bridge_slave_1: left allmulticast mode [ 348.661981][T14647] bridge_slave_1: left promiscuous mode [ 348.663807][T14647] bridge0: port 2(bridge_slave_1) entered disabled state [ 348.670029][T14647] bond0: (slave bond_slave_0): Releasing backup interface [ 348.674715][T14647] bond0: (slave bond_slave_1): Releasing backup interface [ 348.690392][T14647] team0: Port device team_slave_0 removed [ 348.695123][T14647] team0: Port device team_slave_1 removed [ 348.697893][T14647] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 348.700184][T14647] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 348.703238][T14647] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 348.706645][T14647] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 348.715546][ T63] Bluetooth: hci1: command tx timeout [ 348.764790][T14647] team0: Mode changed to "roundrobin" [ 348.770306][T14647] vlan0: entered promiscuous mode [ 348.774723][T14647] tipc: Started in network mode [ 348.776429][T14647] tipc: Node identity aaaaaaaaaa1a, cluster identity 4711 [ 348.778697][T14647] tipc: Enabled bearer , priority 0 [ 348.820981][T14657] binder_alloc: 14654: binder_alloc_buf, no vma [ 349.117949][T14676] @: renamed from vlan0 [ 349.435289][ T63] Bluetooth: hci2: command tx timeout [ 349.835858][T14681] netlink: 'syz.2.2570': attribute type 1 has an invalid length. [ 349.905293][ T840] tipc: Node number set to 11578026 [ 350.615974][T14691] binder_alloc: 14690: binder_alloc_buf, no vma [ 350.678898][T14693] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2574'. [ 350.700939][T14693] 8021q: adding VLAN 0 to HW filter on device team1 [ 351.517715][ T63] Bluetooth: hci2: command tx timeout [ 351.841670][ T40] kauditd_printk_skb: 62 callbacks suppressed [ 351.841684][ T40] audit: type=1326 audit(1751209324.099:9730): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14723 comm="syz.3.2582" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f91579 code=0x7ffc0000 [ 351.854622][ T40] audit: type=1326 audit(1751209324.109:9731): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14723 comm="syz.3.2582" exe="/syz-executor" sig=0 arch=40000003 syscall=164 compat=1 ip=0xf7f91579 code=0x7ffc0000 [ 351.862970][ T40] audit: type=1326 audit(1751209324.109:9732): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14723 comm="syz.3.2582" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f91579 code=0x7ffc0000 [ 351.871034][ T40] audit: type=1326 audit(1751209324.109:9733): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14723 comm="syz.3.2582" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f91579 code=0x7ffc0000 [ 351.878797][ T40] audit: type=1326 audit(1751209324.109:9734): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14723 comm="syz.3.2582" exe="/syz-executor" sig=0 arch=40000003 syscall=172 compat=1 ip=0xf7f91579 code=0x7ffc0000 [ 351.893426][ T40] audit: type=1326 audit(1751209324.109:9735): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14723 comm="syz.3.2582" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f91579 code=0x7ffc0000 [ 351.903277][ T40] audit: type=1326 audit(1751209324.109:9736): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14723 comm="syz.3.2582" exe="/syz-executor" sig=0 arch=40000003 syscall=425 compat=1 ip=0xf7f91579 code=0x7ffc0000 [ 351.910269][ T40] audit: type=1326 audit(1751209324.109:9737): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14723 comm="syz.3.2582" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f91579 code=0x7ffc0000 [ 351.916992][ T40] audit: type=1326 audit(1751209324.109:9738): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14723 comm="syz.3.2582" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f91579 code=0x7ffc0000 [ 351.924260][ T40] audit: type=1326 audit(1751209324.109:9739): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14723 comm="syz.3.2582" exe="/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf7f91579 code=0x7ffc0000 [ 351.983569][T14737] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2588'. [ 352.037427][T14740] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2583'. [ 352.146002][T14741] lo speed is unknown, defaulting to 1000 [ 352.461991][T14750] FAULT_INJECTION: forcing a failure. [ 352.461991][T14750] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 352.466636][T14750] CPU: 3 UID: 0 PID: 14750 Comm: syz.1.2592 Not tainted 6.16.0-rc3-syzkaller-00329-gdfba48a70cb6 #0 PREEMPT(full) [ 352.466653][T14750] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 352.466659][T14750] Call Trace: [ 352.466663][T14750] [ 352.466668][T14750] dump_stack_lvl+0x16c/0x1f0 [ 352.466759][T14750] should_fail_ex+0x512/0x640 [ 352.466796][T14750] _copy_from_user+0x2e/0xd0 [ 352.466812][T14750] get_compat_msghdr+0xa7/0x170 [ 352.466829][T14750] ? __pfx_get_compat_msghdr+0x10/0x10 [ 352.466850][T14750] ___sys_sendmsg+0x1ae/0x1d0 [ 352.466866][T14750] ? __pfx____sys_sendmsg+0x10/0x10 [ 352.466888][T14750] ? find_held_lock+0x2b/0x80 [ 352.466906][T14750] __sys_sendmsg+0x16d/0x220 [ 352.466922][T14750] ? __pfx___sys_sendmsg+0x10/0x10 [ 352.466942][T14750] ? rcu_is_watching+0x12/0xc0 [ 352.466954][T14750] __do_fast_syscall_32+0x7c/0x3a0 [ 352.466971][T14750] do_fast_syscall_32+0x32/0x80 [ 352.466986][T14750] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 352.466999][T14750] RIP: 0023:0xf7fd6579 [ 352.467008][T14750] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 352.467018][T14750] RSP: 002b:00000000f50d555c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 352.467028][T14750] RAX: ffffffffffffffda RBX: 0000000000000009 RCX: 0000000080000040 [ 352.467034][T14750] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 352.467040][T14750] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 352.467046][T14750] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 352.467051][T14750] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 352.467064][T14750] [ 353.315722][T14768] netlink: 216 bytes leftover after parsing attributes in process `syz.3.2597'. [ 353.319507][T14768] netlink: 'syz.3.2597': attribute type 10 has an invalid length. [ 353.325374][T14768] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2597'. [ 353.523498][T14779] ALSA: mixer_oss: invalid OSS volume '' [ 353.545399][T14779] qnx4: no qnx4 filesystem (no root dir). [ 353.595310][ T63] Bluetooth: hci2: command tx timeout [ 353.851479][T14788] geneve2: entered promiscuous mode [ 353.853202][T14788] geneve2: entered allmulticast mode [ 354.412398][T14793] misc userio: Invalid payload size [ 354.616937][T14796] netlink: 'syz.2.2607': attribute type 1 has an invalid length. [ 354.891522][T14800] 9pnet: Unknown protocol version 9p20\++} [ 354.897537][T14802] netlink: 'syz.2.2617': attribute type 1 has an invalid length. [ 354.909590][T14802] bond1 (unregistering): Released all slaves [ 354.937152][T14803] bond1 (unregistering): Released all slaves [ 355.155981][T14820] ip6tnl2: entered promiscuous mode [ 355.157726][T14820] ip6tnl2: entered allmulticast mode [ 355.161740][T14820] team0: Device ip6tnl2 is of different type [ 356.516485][T14875] binder: BINDER_SET_CONTEXT_MGR already set [ 356.520678][T14875] binder: 14874:14875 ioctl 4018620d 80000040 returned -16 [ 356.695911][T14883] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2636'. [ 356.815266][ T1334] usb 5-1: new high-speed USB device number 13 using dummy_hcd [ 356.915846][T14891] trusted_key: encrypted_key: insufficient parameters specified [ 356.965376][ T1334] usb 5-1: Using ep0 maxpacket: 8 [ 356.969302][ T1334] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 356.972353][ T1334] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 356.976486][ T1334] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 356.979543][ T1334] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 356.983778][ T1334] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 356.986649][ T1334] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 357.009212][T14896] tipc: Started in network mode [ 357.010866][T14896] tipc: Node identity fe80000000000000000000000000001, cluster identity 4711 [ 357.017279][T14896] tipc: Enabled bearer , priority 10 [ 357.053653][T14898] binder: BINDER_SET_CONTEXT_MGR already set [ 357.058637][T14898] binder: 14897:14898 ioctl 4018620d 80000040 returned -16 [ 357.194303][ T1334] usb 5-1: GET_CAPABILITIES returned 0 [ 357.196439][ T1334] usbtmc 5-1:16.0: can't read capabilities [ 357.512137][ C3] usbtmc 5-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 358.025413][ T1334] tipc: Node number set to 4269801488 [ 359.019609][T14936] netlink: 'syz.2.2650': attribute type 1 has an invalid length. [ 359.055704][T14940] binder: BINDER_SET_CONTEXT_MGR already set [ 359.058409][T14940] binder: 14939:14940 ioctl 4018620d 80000040 returned -16 [ 359.072367][T14936] bond1: entered promiscuous mode [ 359.077196][T14936] 8021q: adding VLAN 0 to HW filter on device bond1 [ 359.258968][T14941] bond1: (slave veth3): making interface the new active one [ 359.261677][T14941] veth3: entered promiscuous mode [ 359.264815][T14941] bond1: (slave veth3): Enslaving as an active interface with an up link [ 359.597117][ T135] usb 5-1: USB disconnect, device number 13 [ 360.325897][T14958] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2657'. [ 360.610677][T14964] netlink: 216 bytes leftover after parsing attributes in process `syz.0.2660'. [ 360.613994][T14964] netlink: 'syz.0.2660': attribute type 10 has an invalid length. [ 360.616886][T14964] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2660'. [ 360.689797][T14968] geneve2: entered promiscuous mode [ 360.691530][T14968] geneve2: entered allmulticast mode [ 361.541596][T14984] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2666'. [ 363.737191][T15021] binder: 15020:15021 ioctl c0306201 80000180 returned -14 [ 363.827396][T15027] binder: BINDER_SET_CONTEXT_MGR already set [ 363.829774][T15027] binder: 15026:15027 ioctl 4018620d 80000040 returned -16 [ 364.043122][T15039] netlink: 'syz.2.2687': attribute type 21 has an invalid length. [ 364.069775][T15041] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2688'. [ 364.094677][T15041] overlayfs: failed to create directory ./file1/work (errno: 22); mounting read-only [ 364.133282][T15043] bridge_slave_0: left allmulticast mode [ 364.137232][T15043] bridge_slave_0: left promiscuous mode [ 364.139578][T15043] bridge0: port 1(bridge_slave_0) entered disabled state [ 364.146774][T15043] bridge_slave_1: left allmulticast mode [ 364.149109][T15043] bridge_slave_1: left promiscuous mode [ 364.151405][T15043] bridge0: port 2(bridge_slave_1) entered disabled state [ 364.176111][T15043] bond0: (slave bond_slave_0): Releasing backup interface [ 364.183890][T15043] bond0: (slave bond_slave_1): Releasing backup interface [ 364.204664][T15043] team0: Port device team_slave_0 removed [ 364.216084][T15043] team0: Port device team_slave_1 removed [ 364.218855][T15043] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 364.222061][T15043] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 364.228756][T15043] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 364.231635][T15043] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 364.248744][T15043] bond1: (slave veth3): Releasing backup interface [ 364.251341][T15043] veth3: left promiscuous mode [ 364.283488][T15049] team0: Mode changed to "roundrobin" [ 364.294889][T15043] vlan0: entered promiscuous mode [ 364.299953][T15043] tipc: Enabled bearer , priority 0 [ 364.479446][T15063] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2693'. [ 364.501109][T15063] 8021q: adding VLAN 0 to HW filter on device team1 [ 365.087248][T15079] ntfs3(nullb0): Primary boot signature is not NTFS. [ 365.090379][T15079] ntfs3(nullb0): try to read out of volume at offset 0x3e7ffffe00 [ 366.282517][T15124] netlink: 'syz.1.2711': attribute type 1 has an invalid length. [ 366.301202][T15124] bond3: entered promiscuous mode [ 366.303873][T15124] 8021q: adding VLAN 0 to HW filter on device bond3 [ 366.580276][T15124] bond3: (slave veth7): making interface the new active one [ 366.583532][T15124] veth7: entered promiscuous mode [ 366.588202][T15124] bond3: (slave veth7): Enslaving as an active interface with an up link [ 366.844671][T15138] netlink: 216 bytes leftover after parsing attributes in process `syz.0.2717'. [ 366.850826][T15138] netlink: 64 bytes leftover after parsing attributes in process `syz.0.2717'. [ 366.860939][T15138] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2717'. [ 367.420440][T15148] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2720'. [ 367.790267][T15170] Bluetooth: received HCILL_WAKE_UP_ACK in state 2 [ 367.793752][ T61] Bluetooth: hci0: Frame reassembly failed (-84) [ 367.800544][ T61] Bluetooth: hci0: Frame reassembly failed (-84) [ 368.079191][ T40] kauditd_printk_skb: 38 callbacks suppressed [ 368.079208][ T40] audit: type=1326 audit(1751209340.339:9778): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15172 comm="syz.3.2728" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7f91579 code=0x0 [ 368.199836][T15178] xt_hashlimit: Unknown mode mask 2000, kernel too old? [ 369.845376][ T63] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 369.918537][T15210] binder: 15209:15210 ioctl c0306201 80000180 returned -14 [ 369.950914][T15212] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2742'. [ 370.049630][T15219] tipc: Started in network mode [ 370.051366][T15219] tipc: Node identity ff80000000000000000000000000001, cluster identity 4711 [ 370.054178][T15219] tipc: Enabling of bearer rejected, failed to enable media [ 370.338046][T15231] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2750'. [ 370.395885][ T840] usb 8-1: new high-speed USB device number 5 using dummy_hcd [ 370.409502][ T40] audit: type=1326 audit(1751209342.669:9779): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15235 comm="syz.0.2752" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf7fb3579 code=0x0 [ 370.478069][T15237] lo speed is unknown, defaulting to 1000 [ 370.540955][T15237] sp0: Synchronizing with TNC [ 370.546866][ T840] usb 8-1: Using ep0 maxpacket: 16 [ 370.550832][ T840] usb 8-1: config 0 has an invalid descriptor of length 208, skipping remainder of the config [ 370.557068][ T840] usb 8-1: config 0 interface 0 altsetting 1 has an endpoint descriptor with address 0xA5, changing to 0x85 [ 370.561615][ T840] usb 8-1: config 0 interface 0 altsetting 1 endpoint 0x85 has an invalid bInterval 161, changing to 11 [ 370.566259][ T840] usb 8-1: config 0 interface 0 altsetting 1 endpoint 0x85 has invalid maxpacket 26366, setting to 1024 [ 370.570677][ T840] usb 8-1: config 0 interface 0 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 370.575908][ T840] usb 8-1: config 0 interface 0 has no altsetting 0 [ 370.588102][ T840] usb 8-1: New USB device found, idVendor=06cb, idProduct=0006, bcdDevice=9a.eb [ 370.591111][ T840] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 370.593730][ T840] usb 8-1: Product: syz [ 370.595058][ T840] usb 8-1: Manufacturer: syz [ 370.599386][ T840] usb 8-1: SerialNumber: syz [ 370.604498][ T840] usb 8-1: config 0 descriptor?? [ 370.606671][T15226] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 370.809683][T15226] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 370.814011][ T840] input: syz syz as /devices/platform/dummy_hcd.3/usb8/8-1/8-1:0.0/input/input27 [ 371.082228][ T1334] usb 8-1: USB disconnect, device number 5 [ 372.429011][T15276] netlink: 'syz.0.2763': attribute type 1 has an invalid length. [ 372.457930][T15276] bond1: entered promiscuous mode [ 372.459929][T15276] 8021q: adding VLAN 0 to HW filter on device bond1 [ 372.513965][T15276] bond1: (slave veth3): making interface the new active one [ 372.517929][T15276] veth3: entered promiscuous mode [ 372.520602][T15276] bond1: (slave veth3): Enslaving as an active interface with an up link [ 372.560417][T15280] xt_CT: You must specify a L4 protocol and not use inversions on it [ 372.752514][T15282] 9pnet_virtio: no channels available for device syz [ 372.942995][T15287] netlink: 216 bytes leftover after parsing attributes in process `syz.3.2766'. [ 372.945980][T15287] netlink: 64 bytes leftover after parsing attributes in process `syz.3.2766'. [ 372.948720][T15287] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2766'. [ 373.006669][T15289] geneve2: entered promiscuous mode [ 373.008917][T15289] geneve2: entered allmulticast mode [ 373.158426][T15294] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2769'. [ 373.169247][T15294] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2769'. [ 373.276113][T15294] team0 (unregistering): Port device team_slave_0 removed [ 373.281516][T15294] team0 (unregistering): Port device team_slave_1 removed [ 373.708959][T15304] sp0: Synchronizing with TNC [ 373.778984][T15305] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2772'. [ 373.927111][T15307] netlink: 'syz.0.2773': attribute type 1 has an invalid length. [ 374.233909][T15315] 9pnet_virtio: no channels available for device syz [ 374.772583][T15328] netlink: 'syz.1.2781': attribute type 4 has an invalid length. [ 374.778800][T15328] netlink: 'syz.1.2781': attribute type 4 has an invalid length. [ 374.996644][T15341] IPVS: sync thread started: state = MASTER, mcast_ifn = geneve0, syncid = 10802, id = 0 [ 375.959547][T15357] binder: 15355:15357 ioctl c0306201 80000180 returned -14 [ 375.966960][T15359] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2792'. [ 375.995797][T15363] netlink: 'syz.0.2794': attribute type 21 has an invalid length. [ 376.003106][T15365] binder: BINDER_SET_CONTEXT_MGR already set [ 376.007135][T15365] binder: 15364:15365 ioctl 4018620d 80000040 returned -16 [ 376.014770][T15362] loop2: detected capacity change from 0 to 7 [ 376.019975][T15362] Dev loop2: unable to read RDB block 7 [ 376.021939][T15362] loop2: AHDI p1 p2 [ 376.023176][T15362] loop2: partition table partially beyond EOD, truncated [ 376.028184][T15362] loop2: p1 size 4244635647 extends beyond EOD, truncated [ 376.068888][ T5356] Dev loop2: unable to read RDB block 7 [ 376.070693][ T5356] loop2: AHDI p1 p2 [ 376.071969][ T5356] loop2: partition table partially beyond EOD, truncated [ 376.074505][ T5356] loop2: p1 size 4244635647 extends beyond EOD, truncated [ 376.079307][T15370] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2797'. [ 376.154086][ T5356] Dev loop2: unable to read RDB block 7 [ 376.156751][ T5356] loop2: AHDI p1 p2 [ 376.157986][ T5356] loop2: partition table partially beyond EOD, truncated [ 376.160226][ T5356] loop2: p1 size 4244635647 extends beyond EOD, truncated [ 376.181419][T13772] udevd[13772]: inotify_add_watch(7, /dev/loop2p1, 10) failed: No such file or directory [ 376.412400][T15396] binder: BINDER_SET_CONTEXT_MGR already set [ 376.414497][T15396] binder: 15395:15396 ioctl 4018620d 80000040 returned -16 [ 376.678377][T15417] netlink: 32 bytes leftover after parsing attributes in process `syz.2.2807'. [ 376.681364][T15417] netlink: 32 bytes leftover after parsing attributes in process `syz.2.2807'. [ 376.728710][T15417] netlink: 32 bytes leftover after parsing attributes in process `syz.2.2807'. [ 376.731658][T15417] netlink: 32 bytes leftover after parsing attributes in process `syz.2.2807'. [ 376.867630][T15417] netlink: 32 bytes leftover after parsing attributes in process `syz.2.2807'. [ 376.870608][T15417] netlink: 32 bytes leftover after parsing attributes in process `syz.2.2807'. [ 377.330588][T15422] Process accounting resumed [ 377.533461][T15445] binder: 15444:15445 ioctl c0306201 0 returned -14 [ 377.999709][ T1419] ieee802154 phy0 wpan0: encryption failed: -22 [ 378.001822][ T1419] ieee802154 phy1 wpan1: encryption failed: -22 [ 378.201920][T15454] netlink: 'syz.1.2818': attribute type 1 has an invalid length. [ 378.225439][T15454] bond4: entered promiscuous mode [ 378.227466][T15454] 8021q: adding VLAN 0 to HW filter on device bond4 [ 378.293511][T15454] bond4: (slave veth9): making interface the new active one [ 378.295985][T15454] veth9: entered promiscuous mode [ 378.299124][T15454] bond4: (slave veth9): Enslaving as an active interface with an up link [ 378.643485][ T40] audit: type=1326 audit(1751209350.899:9780): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15466 comm="syz.2.2823" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf708e579 code=0x7ffc0000 [ 378.652411][T15467] overlayfs: failed to resolve './file1': -2 [ 378.654403][ T40] audit: type=1326 audit(1751209350.909:9781): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15466 comm="syz.2.2823" exe="/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf708e579 code=0x7ffc0000 [ 378.668260][ T40] audit: type=1326 audit(1751209350.909:9782): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15466 comm="syz.2.2823" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf708e579 code=0x7ffc0000 [ 378.675109][ T40] audit: type=1326 audit(1751209350.909:9783): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15466 comm="syz.2.2823" exe="/syz-executor" sig=0 arch=40000003 syscall=39 compat=1 ip=0xf708e579 code=0x7ffc0000 [ 378.682404][ T40] audit: type=1326 audit(1751209350.909:9784): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15466 comm="syz.2.2823" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf708e579 code=0x7ffc0000 [ 378.689301][ T40] audit: type=1326 audit(1751209350.909:9785): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15466 comm="syz.2.2823" exe="/syz-executor" sig=0 arch=40000003 syscall=39 compat=1 ip=0xf708e579 code=0x7ffc0000 [ 378.696131][ T40] audit: type=1326 audit(1751209350.909:9786): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15466 comm="syz.2.2823" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf708e579 code=0x7ffc0000 [ 378.705283][ T40] audit: type=1326 audit(1751209350.909:9787): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15466 comm="syz.2.2823" exe="/syz-executor" sig=0 arch=40000003 syscall=185 compat=1 ip=0xf708e579 code=0x7ffc0000 [ 378.711837][ T40] audit: type=1326 audit(1751209350.909:9788): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15466 comm="syz.2.2823" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf708e579 code=0x7ffc0000 [ 378.718756][ T40] audit: type=1326 audit(1751209350.909:9789): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15466 comm="syz.2.2823" exe="/syz-executor" sig=0 arch=40000003 syscall=39 compat=1 ip=0xf708e579 code=0x7ffc0000 [ 378.762179][T15473] netlink: 'syz.2.2825': attribute type 1 has an invalid length. [ 378.898521][T15478] lo speed is unknown, defaulting to 1000 [ 379.220781][T15495] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 379.291254][T15495] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 379.361469][T15495] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 379.485866][T15495] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 379.640094][T15495] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 379.648790][T15495] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 379.656292][T15495] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 379.665804][T15495] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 380.488238][T15539] tipc: Enabled bearer , priority 10 [ 380.577106][T15552] binder: 15551:15552 ioctl c0306201 80000180 returned -14 [ 380.607645][T15556] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2856'. [ 380.961065][T15565] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2859'. [ 381.045078][T15568] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2860'. [ 381.109281][T15567] ------------[ cut here ]------------ [ 381.111325][T15567] WARNING: CPU: 2 PID: 15567 at mm/page_alloc.c:4935 __alloc_frozen_pages_noprof+0x30b/0x23f0 [ 381.115270][T15567] Modules linked in: [ 381.117577][T15567] CPU: 2 UID: 0 PID: 15567 Comm: syz.0.2860 Not tainted 6.16.0-rc3-syzkaller-00329-gdfba48a70cb6 #0 PREEMPT(full) [ 381.123723][T15567] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 381.128251][T15567] RIP: 0010:__alloc_frozen_pages_noprof+0x30b/0x23f0 [ 381.131207][T15567] Code: f0 5b 5d 41 5c 41 5d 41 5e 41 5f e9 bf 61 6b 09 83 fe 0a 0f 86 0a fe ff ff 80 3d 50 fd 7b 0e 00 75 0b c6 05 47 fd 7b 0e 01 90 <0f> 0b 90 45 31 f6 eb 81 4d 85 f6 74 22 44 89 fa 89 ee 4c 89 f7 e8 [ 381.139123][T15567] RSP: 0018:ffffc9000e3078c8 EFLAGS: 00010246 SYZFAIL: failed to recv rpc [ 381.142069][T15567] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000 [ 381.145765][T15567] RDX: 0000000000000000 RSI: 000000000000001d RDI: 0000000000040d40 [ 381.149073][T15567] RBP: 0000018000008000 R08: 0000000000000007 R09: 0000000000000000 fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 381.153884][T15567] R10: 0000018000008000 R11: 0000000000000001 R12: 000000000000001d [ 381.157092][T15567] R13: 1ffff92001c60f2e R14: 0000018000008000 R15: 000000000000001d [ 381.157418][T15567] FS: 0000000000000000(0000) GS:ffff88809775f000(0063) knlGS:00000000f50d6b40 [ 381.157448][T15567] CS: 0010 DS: 002b ES: 002b CR0: 0000000080050033 [ 381.157463][T15567] CR2: 0000000080001000 CR3: 000000004b2bb000 CR4: 0000000000352ef0 [ 381.157475][T15567] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 381.157487][T15567] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 381.157501][T15567] Call Trace: [ 381.157509][T15567] [ 381.157528][T15567] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 381.157564][T15567] ? kasan_quarantine_put+0x10a/0x240 [ 381.157588][T15567] ? lockdep_hardirqs_on+0x7c/0x110 [ 381.157617][T15567] ? kfree+0x2b4/0x4d0 [ 381.157638][T15567] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 381.157662][T15567] ? p9_client_clunk+0x12a/0x170 [ 381.157685][T15567] ? p9_client_clunk+0x12f/0x170 [ 381.157706][T15567] ? v9fs_fid_get_acl+0x7a/0x120 [ 381.157732][T15567] __alloc_pages_noprof+0xb/0x1b0 [ 381.166361][T15574] input: syz1 as /devices/virtual/input/input28 [ 381.167268][T15567] ___kmalloc_large_node+0x84/0x1e0 [ 381.205426][T15567] ? v9fs_fid_get_acl+0x7a/0x120 [ 381.207222][T15567] __kmalloc_large_node_noprof+0x1c/0x70 [ 381.209559][T15567] __kmalloc_noprof.cold+0xc/0x61 [ 381.211560][T15567] ? __pfx_iget5_locked+0x10/0x10 [ 381.213339][T15567] ? v9fs_cache_inode_get_cookie+0x28f/0x3a0 [ 381.215477][T15567] v9fs_fid_get_acl+0x7a/0x120 [ 381.217149][T15567] v9fs_get_acl+0xee/0x530 [ 381.218718][T15567] v9fs_inode_from_fid_dotl+0x264/0x2f0 [ 381.220538][T15567] v9fs_mount+0x4fd/0xa30 [ 381.221946][T15567] ? rcu_is_watching+0x12/0xc0 [ 381.223455][T15567] ? __pfx_v9fs_mount+0x10/0x10 [ 381.225040][T15567] ? apparmor_capable+0x114/0x1d0 [ 381.226705][T15567] ? __pfx_v9fs_mount+0x10/0x10 [ 381.228264][T15567] legacy_get_tree+0x109/0x220 [ 381.229784][T15567] vfs_get_tree+0x8b/0x340 [ 381.231236][T15567] path_mount+0x1414/0x2020 [ 381.232683][T15567] ? kmem_cache_free+0x2d1/0x4d0 [ 381.234390][T15567] ? __pfx_path_mount+0x10/0x10 [ 381.236297][T15567] ? getname_flags.part.0+0x1c5/0x550 [ 381.238105][T15567] ? putname+0x154/0x1a0 [ 381.239445][T15567] __ia32_sys_mount+0x28b/0x310 [ 381.241042][T15567] ? __pfx___ia32_sys_mount+0x10/0x10 [ 381.242727][T15567] ? rcu_is_watching+0x12/0xc0 [ 381.244224][T15567] __do_fast_syscall_32+0x7c/0x3a0 [ 381.245913][T15567] do_fast_syscall_32+0x32/0x80 [ 381.247450][T15567] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 381.249425][T15567] RIP: 0023:0xf7fb3579 [ 381.250755][T15567] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 381.257052][T15567] RSP: 002b:00000000f50d655c EFLAGS: 00000296 ORIG_RAX: 0000000000000015 [ 381.259704][T15567] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00000000800003c0 [ 381.262221][T15567] RDX: 0000000080000b80 RSI: 0000000000000000 RDI: 0000000080000500 [ 381.264670][T15567] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 381.267391][T15567] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000 [ 381.269840][T15567] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 381.272350][T15567] [ 381.273336][T15567] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 381.275620][T15567] CPU: 2 UID: 0 PID: 15567 Comm: syz.0.2860 Not tainted 6.16.0-rc3-syzkaller-00329-gdfba48a70cb6 #0 PREEMPT(full) [ 381.279285][T15567] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 381.282621][T15567] Call Trace: [ 381.283685][T15567] [ 381.284634][T15567] dump_stack_lvl+0x3d/0x1f0 [ 381.286110][T15567] panic+0x71c/0x800 [ 381.287347][T15567] ? __pfx_panic+0x10/0x10 [ 381.288758][T15567] ? show_trace_log_lvl+0x29b/0x3e0 [ 381.290460][T15567] ? __alloc_frozen_pages_noprof+0x30b/0x23f0 [ 381.292363][T15567] check_panic_on_warn+0xab/0xb0 [ 381.293909][T15567] __warn+0xf6/0x3c0 [ 381.295142][T15567] ? __alloc_frozen_pages_noprof+0x30b/0x23f0 [ 381.297031][T15567] report_bug+0x3c3/0x580 [ 381.298394][T15567] ? __alloc_frozen_pages_noprof+0x30b/0x23f0 [ 381.300304][T15567] handle_bug+0x184/0x210 [ 381.301674][T15567] exc_invalid_op+0x17/0x50 [ 381.303095][T15567] asm_exc_invalid_op+0x1a/0x20 [ 381.304631][T15567] RIP: 0010:__alloc_frozen_pages_noprof+0x30b/0x23f0 [ 381.306703][T15567] Code: f0 5b 5d 41 5c 41 5d 41 5e 41 5f e9 bf 61 6b 09 83 fe 0a 0f 86 0a fe ff ff 80 3d 50 fd 7b 0e 00 75 0b c6 05 47 fd 7b 0e 01 90 <0f> 0b 90 45 31 f6 eb 81 4d 85 f6 74 22 44 89 fa 89 ee 4c 89 f7 e8 [ 381.312586][T15567] RSP: 0018:ffffc9000e3078c8 EFLAGS: 00010246 [ 381.314466][T15567] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000 [ 381.316906][T15567] RDX: 0000000000000000 RSI: 000000000000001d RDI: 0000000000040d40 [ 381.319337][T15567] RBP: 0000018000008000 R08: 0000000000000007 R09: 0000000000000000 [ 381.321822][T15567] R10: 0000018000008000 R11: 0000000000000001 R12: 000000000000001d [ 381.324257][T15567] R13: 1ffff92001c60f2e R14: 0000018000008000 R15: 000000000000001d [ 381.326715][T15567] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 381.328687][T15567] ? kasan_quarantine_put+0x10a/0x240 [ 381.330369][T15567] ? lockdep_hardirqs_on+0x7c/0x110 [ 381.332030][T15567] ? kfree+0x2b4/0x4d0 [ 381.333306][T15567] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 381.335114][T15567] ? p9_client_clunk+0x12a/0x170 [ 381.336676][T15567] ? p9_client_clunk+0x12f/0x170 [ 381.338219][T15567] ? v9fs_fid_get_acl+0x7a/0x120 [ 381.339774][T15567] __alloc_pages_noprof+0xb/0x1b0 [ 381.341394][T15567] ___kmalloc_large_node+0x84/0x1e0 [ 381.343007][T15567] ? v9fs_fid_get_acl+0x7a/0x120 [ 381.344560][T15567] __kmalloc_large_node_noprof+0x1c/0x70 [ 381.346300][T15567] __kmalloc_noprof.cold+0xc/0x61 [ 381.347867][T15567] ? __pfx_iget5_locked+0x10/0x10 [ 381.349444][T15567] ? v9fs_cache_inode_get_cookie+0x28f/0x3a0 [ 381.351345][T15567] v9fs_fid_get_acl+0x7a/0x120 [ 381.352858][T15567] v9fs_get_acl+0xee/0x530 [ 381.354256][T15567] v9fs_inode_from_fid_dotl+0x264/0x2f0 [ 381.355979][T15567] v9fs_mount+0x4fd/0xa30 [ 381.357326][T15567] ? rcu_is_watching+0x12/0xc0 [ 381.358824][T15567] ? __pfx_v9fs_mount+0x10/0x10 [ 381.360370][T15567] ? apparmor_capable+0x114/0x1d0 [ 381.361976][T15567] ? __pfx_v9fs_mount+0x10/0x10 [ 381.363501][T15567] legacy_get_tree+0x109/0x220 [ 381.365028][T15567] vfs_get_tree+0x8b/0x340 [ 381.366428][T15567] path_mount+0x1414/0x2020 [ 381.367852][T15567] ? kmem_cache_free+0x2d1/0x4d0 [ 381.369413][T15567] ? __pfx_path_mount+0x10/0x10 [ 381.370982][T15567] ? getname_flags.part.0+0x1c5/0x550 [ 381.372670][T15567] ? putname+0x154/0x1a0 [ 381.373992][T15567] __ia32_sys_mount+0x28b/0x310 [ 381.375518][T15567] ? __pfx___ia32_sys_mount+0x10/0x10 [ 381.377202][T15567] ? rcu_is_watching+0x12/0xc0 [ 381.378705][T15567] __do_fast_syscall_32+0x7c/0x3a0 [ 381.380331][T15567] do_fast_syscall_32+0x32/0x80 [ 381.381891][T15567] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 381.383853][T15567] RIP: 0023:0xf7fb3579 [ 381.385169][T15567] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 381.391103][T15567] RSP: 002b:00000000f50d655c EFLAGS: 00000296 ORIG_RAX: 0000000000000015 [ 381.393690][T15567] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00000000800003c0 [ 381.396124][T15567] RDX: 0000000080000b80 RSI: 0000000000000000 RDI: 0000000080000500 [ 381.398556][T15567] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 381.401021][T15567] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000 [ 381.403458][T15567] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 381.405909][T15567] [ 381.407552][T15567] Kernel Offset: disabled [ 381.408912][T15567] Rebooting in 86400 seconds.. VM DIAGNOSIS: 15:02:33 Registers: info registers vcpu 0 CPU#0 RAX=00000000006d41eb RBX=0000000000000000 RCX=ffffffff8b7cfc29 RDX=0000000000000000 RSI=ffffffff8de13e03 RDI=ffffffff8c1566a0 RBP=fffffbfff1c52ef0 RSP=ffffffff8e207e08 R8 =0000000000000001 R9 =ffffed1005646645 R10=ffff88802b23322b R11=0000000000000001 R12=0000000000000000 R13=ffffffff8e297780 R14=ffffffff90a82850 R15=0000000000000000 RIP=ffffffff8b7ce78f RFL=00000282 [--S----] CPL=0 II=0 A20=1 SMM=0 HLT=1 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff88809755f000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=000000000c326106 CR3=000000000e382000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000002 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000007c00000000 0000000100000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 1 CPU#1 RAX=ffff88805e522440 RBX=ffffffff8e5c47c0 RCX=0000000000000001 RDX=0000000000000000 RSI=ffffffff822d1640 RDI=fffffbfff1cb88f8 RBP=0000000000000002 RSP=ffffc900045e74b0 R8 =0000000000000000 R9 =0000000000000000 R10=0000000000000000 R11=0000000000000001 R12=0000000000000000 R13=0000000000000000 R14=0000000000000000 R15=0000000000000000 RIP=ffffffff81980713 RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff88809765f000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe000004a000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00000000584bd4c0 CR3=00000000642be000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000002 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000005000000000 0000000100000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 2 CPU#2 RAX=0000000000000049 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8 RSI=ffffffff85587475 RDI=ffffffff9b06da00 RBP=ffffffff9b06d9c0 RSP=ffffc9000e307230 R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=0000000000000001 R12=0000000000000000 R13=0000000000000049 R14=ffffffff9b06d9c0 R15=ffffffff85587410 RIP=ffffffff8558749f RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] FS =0000 0000000000000000 ffffffff 00c00000 GS =0063 ffff88809775f000 ffffffff 00d0f300 DPL=3 DS [-WA] LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000091000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe000008f000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=0000000080001000 CR3=000000004b2bb000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=00000000fcffc200 Opmask01=000000000000ffff Opmask02=00000000ffffffff Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000001 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00000000000001a4 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0508800209800205 800216fc08000806 73a0000000000000 00000000000001ff ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 80030002020141cc 002e01ffffffffff fffffffb08000310 08800a0510098008 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 8003080800000800 0280020808000000 000810060a0173b0 1ffffffff0080002 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0300100013900301 0000060806138803 0604001384037002 0013820336020013 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000010008000fff ffffff0202080018 8008001bc4080001 00000608060c010d ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 fa0010000201739e 1380020000000a10 0600000008100606 0173a20000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000001 ffffffffffffffff d70813d803000400 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 13d40304040013d0 0302100013c00302 080013b803000800 13b00300100013a0 ZMM25=2de875eb2de875eb 2de875eb2de875eb 2de875eb2de875eb 2de875eb2de875eb 2de875eb2de875eb 2de875eb2de875eb 2de875eb2de875eb 2de875eb2de875eb ZMM26=d0eb5b5ad0eb5b5a d0eb5b5ad0eb5b5a d0eb5b5ad0eb5b5a d0eb5b5ad0eb5b5a d0eb5b5ad0eb5b5a d0eb5b5ad0eb5b5a d0eb5b5ad0eb5b5a d0eb5b5ad0eb5b5a ZMM27=0d6900990d690099 0d6900990d690099 0d6900990d690099 0d6900990d690099 0d6900990d690099 0d6900990d690099 0d6900990d690099 0d6900990d690099 ZMM28=000000200000001f 0000001e0000001d 0000001c0000001b 0000001a00000019 0000001800000017 0000001600000015 0000001400000013 0000001200000011 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=c90e0000c90e0000 c90e0000c90e0000 c90e0000c90e0000 c90e0000c90e0000 c90e0000c90e0000 c90e0000c90e0000 c90e0000c90e0000 c90e0000c90e0000 info registers vcpu 3 CPU#3 RAX=0000000000799c9d RBX=0000000000000003 RCX=ffffffff8b7cfc29 RDX=0000000000000000 RSI=ffffffff8de13e03 RDI=ffffffff8c1566a0 RBP=ffffed1003bdd000 RSP=ffffc9000048fdf8 R8 =0000000000000001 R9 =ffffed10056a6645 R10=ffff88802b53322b R11=0000000000000001 R12=0000000000000003 R13=ffff88801dee8000 R14=ffffffff90a82850 R15=0000000000000000 RIP=ffffffff8b7ce78f RFL=00000282 [--S----] CPL=0 II=0 A20=1 SMM=0 HLT=1 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff88809785f000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe00000d8000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe00000d6000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=000000000c38237e CR3=000000004b2bb000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000002000002 Opmask01=0000000000110101 Opmask02=000000007ffeffff Opmask03=0000000000000000 Opmask04=00000000ffffffff Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000557a60799ce0 0000557a60799ce0 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000557a60789a70 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f15a9bf1b20 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f15a9bf1b20 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffffff00ffffff00 00000000ff000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00000000ff000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffffffffffff0000 ffffffffffffffff ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 d11c44ca84dd5bfe 7373260c44adc3cc ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 73737373737372f2 7373737373737373 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 2c2c2c2c2c2c2c2c 2c2c2c2c2c2c2c2c 2c2c2c2c2c2c2c2c 2c2c2c2c2c2c2c2c ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6e69646165520073 25203a656c696620 7974706d6520676e 697070696b530065 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 4245484d4952005f 090c164940454a0c 55585c41490c4b42 455c5c4547530049 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 7361647c2a737369 63637c2a65686361 63627c2a6476787c 2a64767c2a64737c ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6e2e65726f632e74 656e2e6c74637379 73203034313d6873 657268745f676f64 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 656c6f736e6f6320 6164732f7665642f 3d746f6f7220313d 6e7261775f6e6f5f ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 63696e6170203233 3d78616d5f736462 6e2032333d706f6f 6c5f78616d203233 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 3d6d756e2e646368 5f796d6d75642030 34313d736365735f 74756f656d69745f ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 7265747369676572 6e755f7665647465 6e2e65726f632e74 656e2e6c74637379 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000003 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000