last executing test programs: 5.510657124s ago: executing program 3 (id=2490): r0 = socket$inet(0x2, 0x4000000000000001, 0x0) shutdown(r0, 0x1) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10) sendto$inet(r0, 0x0, 0xa00, 0x200007fd, &(0x7f0000000000)={0x2, 0x4e23, @local}, 0x10) sendmmsg$inet(r0, 0x0, 0x0, 0x4008004) 5.510441827s ago: executing program 3 (id=2491): bind$bt_hci(0xffffffffffffffff, &(0x7f0000000280)={0x1f, 0xffff, 0x3}, 0x6) r0 = creat(&(0x7f0000000080)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x22) setsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x1b, 0x0, 0x0) getsockopt$rose(0xffffffffffffffff, 0x104, 0x7, 0x0, 0x0) syz_open_dev$dri(&(0x7f0000000000), 0x1ff, 0x0) sched_setaffinity(0x0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0) munlock(&(0x7f0000ffb000/0x4000)=nil, 0x4000) mremap(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x2000, 0x7, &(0x7f0000ffb000/0x2000)=nil) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x42001, 0x0) ioctl$TCSETS(r1, 0x40045431, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, "df3f0400000000000000000000000609000040"}) r2 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f0000000240)={0x60000000}) getsockopt$inet_opts(0xffffffffffffffff, 0x0, 0x0, &(0x7f00000001c0)=""/124, &(0x7f0000000300)=0x7c) syz_open_pts(r1, 0x4003) ioctl$TIOCGPGRP(r0, 0x540f, &(0x7f0000000040)=0x0) prctl$PR_SCHED_CORE(0x3e, 0x0, r3, 0x0, &(0x7f0000000180)) r4 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r4, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) io_setup(0x2, &(0x7f0000002400)) 5.370153912s ago: executing program 3 (id=2493): r0 = socket$nl_generic(0x10, 0x3, 0x10) socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'team_slave_1\x00', 0x0}) ioctl$ifreq_SIOCGIFINDEX_team(r1, 0x8933, &(0x7f0000000580)={'team0\x00', 0x0}) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r6, 0x4008ae89, &(0x7f0000000200)={0x1, 0x0, [{0x4b564d00, 0x0, 0x9}]}) r7 = syz_open_dev$vim2m(&(0x7f0000000480), 0x12, 0x2) syz_open_procfs(0x0, &(0x7f0000000000)='net/kcm\x00') ioctl$vim2m_VIDIOC_REQBUFS(r7, 0xc0145608, &(0x7f00000000c0)={0x1, 0x2, 0x1}) r8 = timerfd_create(0x1, 0x80800) r9 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_TX_RING(r9, 0x11b, 0x6, &(0x7f0000000000)=0x40000000, 0x4) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r9, 0x8933, &(0x7f0000000440)={'batadv_slave_0\x00'}) timerfd_settime(r8, 0x1, &(0x7f0000000040)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) socket$alg(0x26, 0x5, 0x0) openat$sndseq(0xffffff9c, &(0x7f0000000080), 0x40100) syz_open_dev$dri(&(0x7f00000000c0), 0x9, 0x0) ioctl$vim2m_VIDIOC_EXPBUF(r7, 0xc0405610, &(0x7f0000000040)={0x2}) r10 = socket$alg(0x26, 0x5, 0x0) bind$alg(r10, &(0x7f0000000280)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(cipher_null)\x00'}, 0x58) r11 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000180), r1) sendmsg$MPTCP_PM_CMD_FLUSH_ADDRS(r1, &(0x7f0000000400)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000240)={&(0x7f0000000300)={0x80, r11, 0x100, 0x70bd27, 0x25dfdbfd, {}, [@MPTCP_PM_ATTR_LOC_ID={0x5, 0x5, 0x8}, @MPTCP_PM_ATTR_ADDR={0x3c, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_PORT={0x6, 0x5, 0x4e21}, @MPTCP_PM_ADDR_ATTR_IF_IDX={0x8, 0x7, r2}, @MPTCP_PM_ADDR_ATTR_ID={0x5, 0x2, 0xf0}, @MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0x18}, @MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0xa}, @MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0x2}, @MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @rand_addr=0x64010102}]}, @MPTCP_PM_ATTR_LOC_ID={0x5, 0x5, 0xbb}, @MPTCP_PM_ATTR_RCV_ADD_ADDRS={0x8}, @MPTCP_PM_ATTR_LOC_ID={0x5, 0x5, 0x7}, @MPTCP_PM_ATTR_LOC_ID={0x5, 0x5, 0x7}, @MPTCP_PM_ATTR_LOC_ID={0x5, 0x5, 0x2}]}, 0x80}, 0x1, 0x0, 0x0, 0x4}, 0x1) read$watch_queue(0xffffffffffffffff, &(0x7f0000000600)=""/218, 0xda) r12 = accept4(r10, 0x0, 0x0, 0x0) mount$9p_fd(0x0, &(0x7f0000000000)='.\x00', &(0x7f0000000080), 0x0, &(0x7f0000000500)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESDEC=r12, @ANYBLOB=',wfdno=', @ANYRESOCT=r10]) r13 = syz_genetlink_get_family_id$team(&(0x7f0000000100), 0xffffffffffffffff) sendmsg$TEAM_CMD_OPTIONS_SET(r1, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)={0x60, r13, 0x809, 0x70bd29, 0x25dfdbfe, {}, [{{0x8, 0x1, r3}, {0x44, 0x2, 0x0, 0x1, [{0x40, 0x1, @priority={{{0x24}, {0x5}, {0x8, 0x4, 0x3}}, {0x8, 0x6, r2}}}]}}]}, 0x60}, 0x1, 0x0, 0x0, 0x8000}, 0x40040) 4.69282205s ago: executing program 3 (id=2495): sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000000240)=[{{0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000280)="f53a203d594ec59e821bdb50c6ac4b338505f54874dae5239c5ca826dd388a0bb8b7", 0x22}], 0x1}}], 0x1, 0x4000c000) socket$nl_netfilter(0x10, 0x3, 0xc) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000140)={0x1, @pix_mp={0x4, 0x9, 0x41495043, 0x9, 0x5, [{0x1, 0xb}, {0x3, 0x9}, {0x3, 0x3ff}, {0x8, 0x7a25}, {}, {0xffff, 0xffff8000}, {0x7, 0x4}, {0x4, 0x10000}], 0xa, 0x7f, 0x4, 0x0, 0x1}}) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x1, 0x3}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) r1 = openat$vhost_vsock(0xffffffffffffff9c, 0x0, 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r1, 0xaf01, 0x0) openat$tun(0xffffff9c, 0x0, 0x2401, 0x0) set_mempolicy(0x2, &(0x7f0000000080)=0x51e1, 0x3ff) setsockopt$packet_int(0xffffffffffffffff, 0x107, 0xf, 0x0, 0x0) sendto$packet(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000240)={0x11, 0x0, 0x0, 0x1, 0x4, 0x6, @broadcast}, 0x14) r2 = openat(0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', 0x401c2, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) r3 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_group_source_req(r3, 0x0, 0x2b, &(0x7f0000000340)={0x400, {{0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x25}}}, {{0x2, 0x0, @broadcast}}}, 0x108) getsockopt$inet_buf(r3, 0x0, 0x30, &(0x7f0000000340)=""/223, &(0x7f0000000180)=0xdf) socket$nl_generic(0x10, 0x3, 0x10) ftruncate(r2, 0x8800000) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) recvmmsg(r5, &(0x7f00000034c0)=[{{0x0, 0x0, &(0x7f0000001e40)=[{&(0x7f0000000b80)=""/4096, 0x20001b80}, {&(0x7f0000001b80)=""/112, 0x70}], 0x2, 0x0, 0xa0028cb4}}], 0x40000000000013c, 0x700, 0x0) sendfile(r4, r2, 0x0, 0x578410eb) syz_emit_vhci(&(0x7f0000000100)=ANY=[@ANYBLOB="040804"], 0x7) r6 = socket$kcm(0x21, 0x2, 0x2) sendmsg$kcm(r6, &(0x7f0000000080)={&(0x7f0000000000)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @private}}, 0x80, 0x0, 0x0, &(0x7f0000000100)=[{0x10, 0x110, 0x1}], 0x10}, 0x8000) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0) 3.824855471s ago: executing program 2 (id=2498): r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r0, &(0x7f0000000080)={0x1f, 0xffff, 0x3}, 0x6) write(r0, &(0x7f0000000340)="0a0003000100", 0x6) 2.74763496s ago: executing program 2 (id=2502): statx(0xffffffffffffff9c, 0x0, 0x3000, 0x8, &(0x7f00000015c0)) r0 = bpf$MAP_CREATE(0x1900000000000000, &(0x7f0000000040)=ANY=[@ANYBLOB="1b00000000000000000000000020"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0x7, &(0x7f0000000000)=@framed={{0x18, 0x2, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x3}, [@ringbuf_query={{0x18, 0x1, 0x1, 0x0, r0}}]}, &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x34, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r1, 0x0, 0xe, 0x0, &(0x7f0000000200)="449d060721b9e6bb51f2f6f20504", 0x0, 0x100c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x9}, 0x50) 2.534676764s ago: executing program 2 (id=2506): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x11, 0x3, &(0x7f0000000600)=@framed={{0x18, 0x0, 0x0, 0x0, 0x8003, 0x0, 0x0, 0x0, 0x10}}, &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x5df6, @void, @value}, 0x94) r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$netlink(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000380)=[{&(0x7f0000000540)={0x2c, 0x2d, 0x1, 0x0, 0x0, "", [@typed={0x8, 0x0, 0x0, 0x0, @fd}, @typed={0x8, 0x0, 0x0, 0x0, @uid=0xee00}, @nested={0xc, 0x0, 0x0, 0x1, [@typed={0x5, 0x1, 0x0, 0x0, @binary='1'}]}]}, 0x2c}], 0x1}, 0x0) 2.478775992s ago: executing program 0 (id=2508): dup(0xffffffffffffffff) socket$inet6_tcp(0xa, 0x1, 0x0) r0 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) ioctl$DRM_IOCTL_SET_CLIENT_CAP(r0, 0x4010640d, &(0x7f0000000000)={0x3, 0x2}) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r0, 0xc01064b5, &(0x7f0000000140)={&(0x7f00000006c0)=[0x0], 0x1}) ioctl$DRM_IOCTL_MODE_GETPLANE(r0, 0xc02064b6, &(0x7f00000003c0)={r1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r0, 0xc01064b5, &(0x7f0000000180)={&(0x7f00000000c0)=[0x0], 0x1}) ioctl$DRM_IOCTL_MODE_SETPLANE(r0, 0xc03064b7, &(0x7f0000000040)={r4, r2, r3, 0x0, 0x0, 0x0, 0xddffffff}) mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x0) r5 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) mkdir(&(0x7f0000000000)='./cgroup/../file0/file0\x00', 0x0) r6 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) ioctl$RTC_ALM_SET(r6, 0x8008700b, &(0x7f0000000080)={0x2e, 0x27, 0x1, 0x1d, 0x1, 0x4, 0x2, 0x16b, 0xffffffffffffffff}) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) open(&(0x7f00000000c0)='./cgroup/../file0\x00', 0x20000, 0x180) write$cgroup_pid(0xffffffffffffffff, &(0x7f0000000040), 0x12) r7 = openat$cgroup_subtree(r5, &(0x7f0000000200), 0x2, 0x0) write$cgroup_subtree(r7, &(0x7f0000000040)={[{0x2b, 'pids'}]}, 0x6) socket$inet6_tcp(0xa, 0x1, 0x0) madvise(&(0x7f0000130000/0xd000)=nil, 0xd000, 0x66) r8 = socket(0x2b, 0x80801, 0x1) syz_emit_ethernet(0x5e, &(0x7f00000017c0)={@multicast, @multicast, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, '\x00', 0x28, 0x3a, 0xff, @initdev={0xfe, 0x4, '\x00', 0x0, 0x0}, @mcast2, {[], @ndisc_redir={0x89, 0x4, 0x0, '\x00', @dev={0xfe, 0x80, '\x00', 0x8}, @dev={0xfe, 0x80, '\x00', 0xff}}}}}}}, 0x0) connect$inet6(r8, &(0x7f00000001c0)={0xa, 0x4, 0x3ff, @empty, 0x1}, 0x1c) setsockopt$IP_VS_SO_SET_ADD(r8, 0x0, 0x482, &(0x7f0000000040)={0x89, @multicast2, 0x4e20, 0x3, 'nq\x00', 0x1, 0x7, 0x48}, 0x2c) syz_clone3(&(0x7f00000001c0)={0x2000000, 0x0, 0x0, 0x0, {0x1f}, 0x0, 0x0, 0x0, 0x0}, 0x58) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000080)=[@textreal={0x8, &(0x7f0000000000)="f20f1c0166b864912c870f23c80f21f866350c0080000f23f80f01fc0f20e06635000010000f22e00f20c06635000000400f22c00f1c9700000f01c566b9a001000066b80400000066ba000000000f30c0dbb6660f3adf932700de", 0x54}], 0x1555555555555457, 0x0, 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000100)={0x1ff, 0x2, 0x5000, 0x1000, &(0x7f000013c000/0x1000)=nil}) 2.478444695s ago: executing program 0 (id=2509): socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ipvs(&(0x7f0000000040), 0xffffffffffffffff) socket$inet(0x2, 0x3, 0x8) r0 = epoll_create1(0x0) socketpair$unix(0x1, 0x2, 0x0, 0x0) lgetxattr(0x0, &(0x7f0000000040)=@known='trusted.overlay.upper\x00', 0x0, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x87}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x20000000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socket$netlink(0x10, 0x3, 0x0) madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f00000000c0)={'erspan0\x00'}) sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, 0x0, 0x2) sendmsg$IPSET_CMD_ADD(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000300)=ANY=[@ANYBLOB="50000000090601020000000000000000020000840900020073797a31000000000500010007000000280007800c00018008000140fffffff70500070084000000060004404e220000060005"], 0x50}, 0x1, 0x0, 0x0, 0x10000082}, 0x80) r5 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) ioctl$sock_ifreq(r5, 0x8910, &(0x7f0000000000)={'ip6gretap0\x00', @ifru_mtu=0x6}) ioctl$sock_netdev_private(r5, 0x8914, &(0x7f0000000000)) ioctl$FS_IOC_SETFLAGS(r0, 0x541b, 0x0) r6 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r6) sendmsg$NFC_CMD_DEV_UP(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000380)=ANY=[@ANYBLOB="1c000000c6e4b62cd4cd512d2d0006213ff7616c1e39549ba65d22851e03418199e35271225c8607431bae145ba10c77d39ffadd46f56aa814abd9bf4669f086376d685f49af", @ANYRES16=r7, @ANYBLOB="010023010000340200000200000008000100", @ANYRES32=0x0, @ANYBLOB], 0x1c}}, 0x0) 2.408755628s ago: executing program 2 (id=2511): r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000380)={'wlan0\x00', 0x0}) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), r0) sendmsg$NL80211_CMD_SET_STATION(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000140)={0x30, r2, 0x1, 0x0, 0x25dfdbf8, {{}, {@val={0x8, 0x3, r1}, @void}}, [@NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_STA_CAPABILITY={0x6, 0xab, 0xa9f7}]}, 0x30}, 0x1, 0x0, 0x0, 0x4040}, 0x20048800) (fail_nth: 5) 2.248957629s ago: executing program 2 (id=2512): r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_inet_SIOCSIFADDR(r0, 0x8916, &(0x7f0000000040)={'batadv_slave_1\x00', {0x2, 0x0, @loopback=0x7f000000}}) ioctl$sock_inet_SIOCSIFADDR(r0, 0x891c, &(0x7f0000000540)={'batadv_slave_1\x00', {0x2, 0x0, @empty}}) (fail_nth: 3) 2.231610963s ago: executing program 1 (id=2513): bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x14, &(0x7f0000000200)=ANY=[@ANYBLOB="1802000000000000000000000000000018010000786c6c2500000000070000007b1af8"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) bpf$MAP_CREATE(0x0, &(0x7f0000000440)=@base={0x1d, 0x4, 0x2, 0x0, 0x201, 0xffffffffffffffff, 0x8, '\x00', 0x0, 0xffffffffffffffff, 0x1, 0x2, 0x0, 0x0, @void, @value, @void, @value}, 0x50) setsockopt$inet6_IPV6_HOPOPTS(r0, 0x29, 0x36, &(0x7f0000000400)=ANY=[], 0x8) bpf$MAP_CREATE(0x0, &(0x7f0000001440)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) socketpair$unix(0x1, 0x3, 0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe}, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000080)={0x44, 0x2, 0x6, 0x801, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_TYPENAME={0xc, 0x3, 'hash:ip\x00'}]}, 0x44}}, 0x0) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000080)=ANY=[@ANYBLOB="8c0000000906010200000000000000000200ffff08000940000000390900020073797a310000000005000100070000005c0008801c0007801800018014000240"], 0x8c}, 0x1, 0x0, 0x0, 0x10000182}, 0x4000080) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)=@newlink={0x54, 0x10, 0x409, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x34, 0x12, 0x0, 0x1, @bridge_slave={{0x11}, {0x1c, 0x5, 0x0, 0x1, [@IFLA_BRPORT_GROUP_FWD_MASK={0x6, 0x1f, 0x1}, @IFLA_BRPORT_PROXYARP={0x5}, @IFLA_BRPORT_MULTICAST_ROUTER={0x5, 0x19, 0x2}]}}}]}, 0x54}}, 0x0) 2.218648783s ago: executing program 3 (id=2514): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0xa802, 0x0) close(r1) socket$inet6(0xa, 0x2, 0x3a) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f00000000c0)={'syzkaller0\x00', @broadcast}) r2 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) r4 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r4, &(0x7f0000000280)={0x0, 0x21, &(0x7f0000000140)={&(0x7f00000001c0)=@gettclass={0x24, 0x2a, 0x129, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {0xb, 0xd}, {}, {0x8, 0xfff1}}}, 0x24}}, 0x40004) recvmmsg(r4, &(0x7f0000004180)=[{{0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000000680)=""/4089, 0xff9}, {&(0x7f0000004280)=""/4093, 0xffd}, {&(0x7f0000002700)=""/4096, 0x1000}], 0x3}, 0x7}], 0x1, 0x40000000, 0x0) (fail_nth: 5) 2.099200543s ago: executing program 2 (id=2515): r0 = syz_usb_connect(0x0, 0x3c, &(0x7f0000000380)=ANY=[@ANYBLOB="120101000814c910be0632a2f3330106030109021200"], 0x0) syz_usb_control_io$uac1(r0, 0x0, 0x0) r1 = syz_open_dev$ttys(0xc, 0x2, 0x0) ioctl$TIOCGPKT(r1, 0x40045431, &(0x7f00000024c0)) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$nl_route(r2, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x40010) sendmsg$IPSET_CMD_CREATE(r2, &(0x7f0000001080)={&(0x7f0000000680)={0x10, 0x0, 0x0, 0x10000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x11}, 0x0) r3 = syz_open_dev$I2C(&(0x7f0000000000), 0x1, 0x402) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f00000006c0), 0xffffffffffffffff) r5 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_SET_TID_CONFIG(r5, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000bc0)={&(0x7f0000000f00)=ANY=[@ANYBLOB, @ANYRES16=r4, @ANYBLOB="090b000000000000000000000000000000002ac586c94f3c343be4163bc87b98338e84f868e479f738873b15f0bb1aa36bb0d4c16a123bf6f998dabc6286dd73418c13f05fabcbdfb8d47f60fdc0dbee8499a974d7c95daa525ff85ae1acca5069d8e59db0cc3018a5b12de6f19caab10fccc5f3a36782c47a0628523488eebf089227bff6c756f8f72fb15d62377482d4d2c80b0fb98958ac6d0eee0d4765f6f9c692cdc2475115c23bf0125c821598818d3ab9e05206f58e26890a2e35490386fba00a5e7abbefce10508668e70803", @ANYRES32], 0x24}}, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) r7 = syz_io_uring_setup(0x1714, &(0x7f0000000300)={0x0, 0x0, 0x10100}, &(0x7f0000000100)=0x0, &(0x7f0000000080)=0x0) io_uring_register$IORING_REGISTER_PBUF_RING(r7, 0x16, &(0x7f0000000380)={&(0x7f0000001000)={[{0x0}, {0x0}, {0x0}, {0x0}]}, 0x4}, 0x1) syz_io_uring_submit(r8, r9, &(0x7f00000001c0)=@IORING_OP_RECVMSG={0xa, 0x20, 0x2, r6, 0x0, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x0, 0x0, 0x1}) syz_usb_connect(0x6, 0x24, 0x0, 0x0) io_uring_enter(r7, 0x27e2, 0x0, 0x0, 0x0, 0x0) capset(0x0, &(0x7f0000000040)={0x200000, 0x200000, 0x4, 0x0, 0x0, 0xfffffffe}) r10 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$inet_buf(r10, 0x0, 0x4, &(0x7f0000000040)="442810bc996c301c8107070400", 0x28) sendmsg$NL80211_CMD_SET_CQM(r5, &(0x7f0000000880)={&(0x7f0000000540)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000640)={&(0x7f0000000800)={0x4c, 0x0, 0x8, 0x70bd28, 0x25dfdbff, {{}, {@void, @val={0xc, 0x99, {0x98, 0x3}}}}, [@NL80211_ATTR_CQM={0x4}, @NL80211_ATTR_CQM={0x14, 0x5e, 0x0, 0x1, [@NL80211_ATTR_CQM_RSSI_THOLD={0x8, 0x1, [0x9]}, @NL80211_ATTR_CQM_RSSI_THRESHOLD_EVENT={0x8, 0x3, 0x5}]}, @NL80211_ATTR_CQM={0x14, 0x5e, 0x0, 0x1, [@NL80211_ATTR_CQM_TXE_INTVL={0x8, 0x7, 0xad}, @NL80211_ATTR_CQM_RSSI_THRESHOLD_EVENT={0x8, 0x3, 0xc}]}]}, 0x4c}, 0x1, 0x0, 0x0, 0x90}, 0x4c050) syz_usb_control_io(r0, &(0x7f0000000740)={0x18, 0x0, &(0x7f0000000300)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x415}}, &(0x7f0000000580)={0x0, 0xf, 0x5, {0x5, 0xf, 0x5}}, &(0x7f00000005c0)={0x20, 0x29, 0xf, {0xf, 0x29, 0x0, 0x10, 0x81, 0x2, "d165a6a8", "8924e307"}}, &(0x7f0000000700)={0x20, 0x2a, 0xc, {0xc, 0x2a, 0x3b, 0x4, 0x0, 0x4, 0x0, 0x8, 0x4}}}, &(0x7f0000000e80)={0x44, &(0x7f0000000a40)={0x20, 0x30, 0xb4, "b8e361e8d1fb3fea8b849873182ca9e8de6f06a1670c9ec67dcfc0d66e5e0ee8e78124dd77a03ff8b6315e410b2947bb8d3f0be93b85ba1c6cbc60cb4f7e66d24a78f98ec7a1f5ac4162bd0cbe31014e82ad7d0ecbbafc56288f5437266f72bdea7e704134e522667a43fec0e0ee989e47720d9a07c71388b26645968dcb282f96d455bbb9bead5cc746d3e64cfcea39ce0602c23346956d839526ce30ae25de17bfb38baec105beb291837cd60c7a2a87a58980"}, &(0x7f0000000780)={0x0, 0xa, 0x1, 0x2}, &(0x7f00000007c0)={0x0, 0x8, 0x1, 0x9}, 0x0, &(0x7f0000000b40)={0x20, 0x0, 0x8, {0x120, 0x1, [0xf]}}, &(0x7f0000000b80)={0x40, 0x7, 0x2, 0x3}, &(0x7f0000000c00)={0x40, 0x9, 0x1, 0x4}, &(0x7f0000000c40)={0x40, 0xb, 0x2, "df24"}, &(0x7f0000000c80)={0x40, 0xf, 0x2, 0x4}, &(0x7f0000000cc0)={0x40, 0x13, 0x6, @random="6e1a14655bd3"}, &(0x7f0000000d00)={0x40, 0x17, 0x6, @remote}, &(0x7f0000000d40)={0x40, 0x19, 0x2, "c0bc"}, &(0x7f0000000d80)={0x40, 0x1a, 0x2}, &(0x7f0000000dc0)={0x40, 0x1c, 0x1, 0x6}, &(0x7f0000000e00)={0x40, 0x1e, 0x1, 0xf}, &(0x7f0000000e40)={0x40, 0x21, 0x1, 0x6}}) ioctl$I2C_RDWR(r3, 0x707, &(0x7f0000002580)={&(0x7f0000000200)=[{0x3, 0x1000, 0x0, 0x0}, {0x8000, 0xa00, 0x0, 0x0}], 0x2}) syz_usb_control_io$cdc_ncm(r0, &(0x7f0000000180)={0xc, &(0x7f0000000040)={0x20, 0x9, 0xeb, {0xeb, 0x30, "304feb07e8a22499e5f36b8285a0996ffe911ae4ec2c7c689a1b6b49100eb14f56aef945c5eebb7e841de3867ccffa53354c41b78d2e85c9c9890274b7bdb96d182986bd994a0a99dc4938fe0591859c8e51e05031b08c9328cab17262355e9abaf6d8372aa37fc8c048a97de8574d64df17ee386b43d7e1d41a42940c8d9be3e6c70411d8992efc17d04f07c6c5605ba8c5f92efc62435c46333828afa46c65256f3b73e779459ae9c6c9b3771d2c19c878157a2fbeac7dc7ae003313e4a6f87c073f9ac6d257f6b273d29fbeeb3505f6fd9734f0de0e62229e2eb992ac149eff6b9ca187f66a751c"}}, &(0x7f0000000140)={0x0, 0x3, 0x1a, {0x1a}}}, &(0x7f0000000500)={0x24, &(0x7f0000000240)={0x40, 0xc, 0xb9, "517124dc1daaa5bf52686176e136b0931945f03671611ed68afa024717b62fb2332af3a8eabc3a79c37a443b8c62466b7249b90e84617dee302bd3504858acd940726b429487f3465539ca614dd8cdef39363160ca95928706b46216f1d9a763d86d3f78796ab6d744fe7e0dec4943bb5aebd8d4da9fc1ad2a49ffd9dd8a1b83c7e8863acd2714834f7d5232593209218704ee710ba56151172d21dc6b325552ef173a535594a4bfae31d93c2fe2819f6c2d0d1ba4caa26175"}, &(0x7f00000001c0)={0x0, 0xa, 0x1, 0xf9}, &(0x7f0000000340)={0x0, 0x8, 0x1, 0x6}, 0x0, &(0x7f0000000400)={0x20, 0x85, 0x4, 0xc7}, &(0x7f0000000440)={0x20, 0x83, 0x2}, &(0x7f0000000480)={0x20, 0x87, 0x2, 0x2}, &(0x7f00000004c0)={0x20, 0x89, 0x2}}) 2.040241313s ago: executing program 1 (id=2516): ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r2 = dup(r1) write$6lowpan_enable(r2, &(0x7f0000000000)='0', 0xfffffd2c) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4) process_madvise(0xffffffffffffffff, 0x0, 0x0, 0x14, 0x0) connect$inet6(r0, &(0x7f0000000200)={0xa, 0x0, 0x0, @loopback, 0x8000000}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f00000000c0), 0x4) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xb, &(0x7f0000000100)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000080850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, @void, @value}, 0x94) syz_open_dev$sndctrl(0x0, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000640)={&(0x7f0000000040)='mmap_lock_acquire_returned\x00', r3, 0x0, 0x40000}, 0x18) futex(&(0x7f000000cffc), 0x0, 0x0, 0x0, 0x0, 0x0) futex(&(0x7f000000cffc), 0x0, 0x0, 0x0, 0x0, 0x0) futex(&(0x7f000000cffc), 0x1, 0x800001, 0x0, 0x0, 0x0) mlock2(&(0x7f0000ff5000/0x9000)=nil, 0x9000, 0x0) mremap(&(0x7f0000ff5000/0x2000)=nil, 0x2000, 0x5000000, 0x3, &(0x7f0000ffd000/0x1000)=nil) syz_io_uring_setup(0x239, &(0x7f0000000740)={0x0, 0x1c2a, 0x10100, 0x0, 0xfffffffe}, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x44040000) setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000080)=0x1, 0x4) setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x1, &(0x7f0000000140)=@gcm_128={{0x303}, "000001fffbffffff", "2607080d7f4fcf00fd4ef2dece6c7c58", '\x00', "faffffffffffffff"}, 0x28) sendto$inet6(r0, &(0x7f00000001c0), 0xfffffffffffffede, 0x0, 0x0, 0x3000137) 1.444542405s ago: executing program 0 (id=2517): bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='contention_end\x00', 0xffffffffffffffff, 0x0, 0x1000000000}, 0x18) r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$netlink(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000380)=[{&(0x7f0000000540)={0x2c, 0x2d, 0x1, 0x0, 0x0, "", [@typed={0x8, 0x0, 0x0, 0x0, @fd}, @typed={0x8, 0x0, 0x0, 0x0, @uid=0xee00}, @nested={0xc, 0x0, 0x0, 0x1, [@typed={0x5, 0x1, 0x0, 0x0, @binary='1'}]}]}, 0x2c}], 0x1}, 0x0) 605.850668ms ago: executing program 0 (id=2518): r0 = socket$inet6_udp(0xa, 0x2, 0x0) r1 = socket(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'ip6tnl0\x00'}) r2 = socket(0x10, 0x3, 0x0) socket$packet(0x11, 0x2, 0x300) r3 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000000), 0x40000, 0x0) ioctl$FBIOBLANK(r3, 0x4611, 0x1f) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'pimreg0\x00', 0x0}) sendmsg$nl_route_sched(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000300)=@newqdisc={0x6c, 0x24, 0x3fe3aa0262d8c583, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {0x0, 0xa}, {0xffff, 0x8}, {0xe}}, [@qdisc_kind_options=@q_skbprio={{0xc}, {0x8, 0x2, 0x1ff}}, @qdisc_kind_options=@q_fq={{0x7}, {0x2c, 0x2, [@TCA_FQ_BUCKETS_LOG={0x8, 0x8, 0x16}, @TCA_FQ_FLOW_PLIMIT={0x8, 0x2, 0x8}, @TCA_FQ_ORPHAN_MASK={0x8, 0xa, 0x6}, @TCA_FQ_TIMER_SLACK={0x8, 0xd, 0x5}, @TCA_FQ_CE_THRESHOLD={0x8, 0xc, 0x1}]}}]}, 0x6c}}, 0x0) mbind(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x6005, &(0x7f0000000040)=0x7, 0x7, 0x0) r5 = socket$unix(0x1, 0x1, 0x0) getpeername$unix(r5, 0x0, 0x0) r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r7, 0xae60) r8 = eventfd2(0x65c, 0x80000) r9 = eventfd2(0x4001, 0x800) ioctl$KVM_IRQFD(r7, 0x4020ae76, &(0x7f0000000140)={r9, 0xc4, 0x2, r9}) ioctl$KVM_IRQFD(r7, 0x4020ae76, &(0x7f0000000100)={r8, 0x7, 0x2, r9}) ioctl$KVM_SET_GSI_ROUTING(r7, 0x4008ae6a, &(0x7f0000000180)=ANY=[@ANYBLOB="0000000000000000484a1b733176d8d57c7e27d11d73ad5a"]) r10 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000002100)='numa_maps\x00') read$FUSE(r10, &(0x7f0000002140)={0x2020}, 0x2020) quotactl$Q_SETINFO(0xffffffff80000601, &(0x7f0000000000)=@loop={'/dev/loop', 0x0}, 0x0, 0x0) r11 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f00000000c0)={'netpci0\x00', 0x6bf1c2d5adba8c12}) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3c, &(0x7f0000000000)=0x1, 0x4) r12 = ioctl$KVM_CREATE_VM(r11, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r12, 0xae60) ioctl$KVM_CREATE_PIT2(r12, 0x4040ae77, &(0x7f0000000040)) ioctl$KVM_CREATE_VCPU(r12, 0xae41, 0x0) 605.573975ms ago: executing program 1 (id=2519): r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_inet_SIOCSIFADDR(r0, 0x8916, &(0x7f0000000040)={'batadv_slave_1\x00', {0x2, 0x0, @loopback=0x7f000000}}) ioctl$sock_inet_SIOCSIFADDR(r0, 0x891c, &(0x7f0000000540)={'batadv_slave_1\x00', {0x2, 0x0, @empty}}) 578.335389ms ago: executing program 1 (id=2520): r0 = socket$netlink(0x10, 0x3, 0x0) bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x25dfdbff, 0x2ffffffff}, 0xc) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r2 = socket(0x400000000010, 0x3, 0x0) r3 = socket$unix(0x1, 0x5, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r2, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r4, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x3, 0x8}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0) r5 = socket(0x400000000010, 0x3, 0x0) r6 = socket$unix(0x1, 0x5, 0x0) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r5, &(0x7f0000000000)={0x0, 0x3f, &(0x7f0000000140)={&(0x7f0000000180)=@newtfilter={0x3c, 0x2c, 0xd27, 0x70bd24, 0x25dfdbfc, {0x0, 0x0, 0x0, r7, {0x4, 0xb}, {}, {0x7, 0x2}}, [@filter_kind_options=@f_flower={{0xb}, {0xc, 0x2, [@TCA_FLOWER_KEY_ENC_IPV4_SRC={0x8, 0x1b, @local}]}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x8848}, 0x20000800) 527.20199ms ago: executing program 3 (id=2521): socket$nl_generic(0x10, 0x3, 0x10) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000840), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)={0x24, r1, 0x1, 0x300, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x8}]}, 0x24}}, 0xc0c4) r3 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000080)={'wlan1\x00', 0x0}) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r5, 0x0, 0x0) r6 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r6, 0x0, 0x40, &(0x7f00000014c0)=@filter={'filter\x00', 0x42, 0x4, 0x430, 0xffffffff, 0x11a8, 0x0, 0x98, 0xffffffff, 0xffffffff, 0x13c8, 0x13c8, 0x13c8, 0xffffffff, 0x5, 0x0, {[{{@ip={@multicast2, @multicast2, 0x0, 0x0, 'netpci0\x00', 'nr0\x00'}, 0x74000002, 0x70, 0x98, 0x1ba, {0x46010000, 0x2c000000000000}}, @REJECT={0x28}}, {{@ip={@remote, @broadcast, 0x0, 0x0, 'ip6gretap0\x00', 'team_slave_1\x00'}, 0x287, 0xb8, 0xe0, 0x0, {}, [@common=@unspec=@limit={{0x48}, {0x0, 0x0, 0xfffffffffffffffe}}]}, @REJECT={0x28}}, {{@ip={@loopback, @broadcast, 0x0, 0x0, 'dvmrp1\x00', 'dummy0\x00'}, 0x0, 0x1c0, 0x220, 0x0, {}, [@common=@inet=@hashlimit2={{0x150}, {'gre0\x00'}}]}, @common=@SET={0x60, 'SET\x00', 0x0, {{0x4, [0x1, 0x1, 0x5, 0x5, 0x1, 0x4], 0x6, 0x1}, {0x2, [0x0, 0x4, 0x5, 0x1, 0x2, 0x5], 0x0, 0x2}}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x490) r7 = syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_CQM(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)={0x34, r7, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r4}, @void}}, [@NL80211_ATTR_CQM={0x18, 0x5e, 0x0, 0x1, [@NL80211_ATTR_CQM_RSSI_THOLD={0xc, 0x1, [0xffffffff, 0x0]}, @NL80211_ATTR_CQM_RSSI_HYST={0x8}]}]}, 0x34}}, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) socket$nl_route(0x10, 0x3, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x6, 0x4, &(0x7f00000006c0)=ANY=[], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f00000000c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41100, 0x45, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000200)={0x5}, 0x8, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37, @void, @value}, 0x94) bpf$PROG_LOAD(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r8 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r8, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r9, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r10, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r8, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r9, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socket$nl_route(0x10, 0x3, 0x0) 409.154019ms ago: executing program 1 (id=2522): r0 = memfd_create(&(0x7f0000000040)='\x00\x00\x00\x00\x00\x00z\x9b\xb6\xe8t%\xfc\x02\x00\x00\x009\xa0\x8b\x14d\xa2\xa1\xa8!\xe8\xd1\xa0\x8a\xce0\x1c\xb7\xf1\xccm\xce\xd4\xdb\x89\xe5\x8f\xe2\xb6\xd6\x9cF\xbd\xff\x14\x05\x00\x00\x00\x00\x00\x00\x00\xf3\xdc\x91\'\x06\\8\r\xfc\xeeG\xbe\x90C\x1c\x87\x1e|C\xd8\x01\xd0\xf5\xbb}\xeb\x86P=\xe51\x9d,\xb7\xe6_M\xbe\x19\xea#\xff[\xd1\xc3\x9a\xa3\x1b\xf9\xe9\x1d \xce1\xc9\x9f\xb0\x14\xc2\xeb\xf9\xceE\xad\xa4\x92\f\xef\x87g\xb6\xabW\xac\rP\xf42\xb7\xc8\xaajnW\n\r\x802\xd7\x1b$\x95tO*\xf4\xae\xb8\xb8m\xbf\r\xd5\xbf*\xfd\xc7\x85\x1b\x8b\xe5\x97j`c\xe0\x88?\xda\x8a#t>r\xae\xe8\xc9)', 0x0) (async) socket$nl_xfrm(0x10, 0x3, 0x6) (async) openat$vnet(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0) (async) socket$nl_netfilter(0x10, 0x3, 0xc) (async) openat$ppp(0xffffffffffffff9c, &(0x7f0000000b40), 0x600, 0x0) (async) mknod$loop(&(0x7f0000000140)='./file0\x00', 0xfff, 0x0) (async) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000080)={&(0x7f0000000000)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @private}}, 0x80, 0x0, 0x0, 0x0, 0x10}, 0x8000) (async) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x6, 0xf}}]}, {0x4}, {0xc}, {0xffffff76, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x9, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x0, 0x36c, 0x5, 0x0, 0xaff9}}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0) (async) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) (async) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() (async) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) (async) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) (async) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) fcntl$setpipe(r0, 0x407, 0xf) sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2) (async) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) (async) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0) (async) setsockopt$sock_linger(r2, 0x1, 0x3c, &(0x7f0000000180)={0x200000000000001}, 0x8) (async) creat(&(0x7f0000000000)='./file1\x00', 0x5c) (async) r4 = socket$inet6(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000040)={'sit0\x00', 0x0}) ioctl$sock_inet6_SIOCSIFDSTADDR(r4, 0x8918, &(0x7f0000000080)={@loopback={0x0, 0x3fc}, 0x2f, r5}) 401.507299ms ago: executing program 1 (id=2523): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x11, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000120000002400000008000000850000000500000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r1 = syz_open_dev$vim2m(&(0x7f0000000000), 0x4541b6bf, 0x2) ioctl$vim2m_VIDIOC_S_CTRL(r1, 0xc008561c, &(0x7f0000000080)={0xf0f003, 0x6}) r2 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f00000005c0)='sched_switch\x00', r0}, 0x18) r3 = bpf$ITER_CREATE(0xb, &(0x7f0000000100)={r2}, 0x8) write$cgroup_int(r3, &(0x7f00000001c0)=0x8200000000000000, 0xfffffdef) bpf$ENABLE_STATS(0x20, 0x0, 0x0) 61.259067ms ago: executing program 0 (id=2524): bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x14, &(0x7f0000000200)=ANY=[@ANYBLOB="1802000000000000000000000000000018010000786c6c2500000000070000007b1af8"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) bpf$MAP_CREATE(0x0, &(0x7f0000000440)=@base={0x1d, 0x4, 0x2, 0x0, 0x201, 0xffffffffffffffff, 0x8, '\x00', 0x0, 0xffffffffffffffff, 0x1, 0x2, 0x0, 0x0, @void, @value, @void, @value}, 0x50) setsockopt$inet6_IPV6_HOPOPTS(r0, 0x29, 0x36, &(0x7f0000000400)=ANY=[], 0x8) bpf$MAP_CREATE(0x0, &(0x7f0000001440)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) socketpair$unix(0x1, 0x3, 0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe}, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000080)={0x44, 0x2, 0x6, 0x801, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_TYPENAME={0xc, 0x3, 'hash:ip\x00'}]}, 0x44}}, 0x0) sendmsg$IPSET_CMD_ADD(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000080)=ANY=[@ANYBLOB="8c0000000906010200000000000000000200ffff08000940000000390900020073797a310000000005000100070000005c0008801c0007801800018014000240"], 0x8c}, 0x1, 0x0, 0x0, 0x10000182}, 0x4000080) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)=@newlink={0x54, 0x10, 0x409, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x34, 0x12, 0x0, 0x1, @bridge_slave={{0x11}, {0x1c, 0x5, 0x0, 0x1, [@IFLA_BRPORT_GROUP_FWD_MASK={0x6, 0x1f, 0x1}, @IFLA_BRPORT_PROXYARP={0x5}, @IFLA_BRPORT_MULTICAST_ROUTER={0x5, 0x19, 0x2}]}}}]}, 0x54}}, 0x0) 0s ago: executing program 0 (id=2525): socket$nl_netfilter(0x10, 0x3, 0xc) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) pread64(0xffffffffffffffff, 0x0, 0x0, 0x1) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000380)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x7, 0x2, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x0, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a000000040000009c0000000b"], 0x50) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000100)={r0, 0xe0, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x83d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x21, 0x8, 0x0, 0x0}}, 0x10) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socket$nl_route(0x10, 0x3, 0x0) r4 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) mprotect(&(0x7f00000ff000/0x14000)=nil, 0x14000, 0x0) ioctl$vim2m_VIDIOC_QUERYBUF(r4, 0xc044560f, &(0x7f0000000080)=@mmap={0x7f, 0x1, 0x4, 0x10, 0xb200, {}, {0x5, 0x0, 0x3, 0x0, 0x81, 0x2, "e43d8daa"}, 0x1, 0x1, {}, 0x10}) r5 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r5, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000280)="d8000000100081044e81f782db44b904021d006a0f000000e8fe55a1290015000600142603600e120900040044000000a80016000a0003400200000000000000b94dcf5c0461c1d67f6f94007134cf6ee08000a0e408e8d8ef52a985162f7ce06bbace8017cbec4c2ee5a7cef4090000001fb791643a5ee4ce1b14d6d930dfe1d9d3220a7c9f8775730d16a4683f1aeb4edbb57a5025ccca9e00360db70100000040fad95667e006dcdf63951f215ce3bb9ad809d5e1cace81ed0bffece0b42a9ecbee5de6ccd40dd6e4edef3d93452a92954b43370e9701", 0xd8}], 0x1}, 0x0) io_uring_register$IORING_UNREGISTER_PERSONALITY(0xffffffffffffffff, 0x19, 0x20000000, 0x0) socket$packet(0x11, 0x3, 0x300) r6 = openat(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0) mkdirat(r6, &(0x7f0000000040)='./file0\x00', 0x0) mount(&(0x7f0000000040)=@nbd={'/dev/nbd', 0x0}, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000100)='xfs\x00', 0x0, 0x0) landlock_create_ruleset(&(0x7f0000000040)={0x0, 0x3}, 0x10, 0x0) socket$nl_rdma(0x10, 0x3, 0x14) kernel console output (not intermixed with test programs): ][T14079] ? __pfx_netlink_unicast+0x10/0x10 [ 544.646189][T14079] netlink_sendmsg+0x8d1/0xdd0 [ 544.646215][T14079] ? __pfx_netlink_sendmsg+0x10/0x10 [ 544.646240][T14079] ? __import_iovec+0x1c8/0x660 [ 544.646269][T14079] ____sys_sendmsg+0xa95/0xc70 [ 544.646297][T14079] ? __pfx_____sys_sendmsg+0x10/0x10 [ 544.646322][T14079] ? get_compat_msghdr+0x11a/0x170 [ 544.646354][T14079] ___sys_sendmsg+0x134/0x1d0 [ 544.646377][T14079] ? __pfx____sys_sendmsg+0x10/0x10 [ 544.646428][T14079] __sys_sendmsg+0x16d/0x220 [ 544.646450][T14079] ? __pfx___sys_sendmsg+0x10/0x10 [ 544.646481][T14079] ? rcu_is_watching+0x12/0xc0 [ 544.646501][T14079] __do_fast_syscall_32+0x73/0x120 [ 544.646528][T14079] do_fast_syscall_32+0x32/0x80 [ 544.646555][T14079] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 544.646575][T14079] RIP: 0023:0xf711e579 [ 544.646589][T14079] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 544.646605][T14079] RSP: 002b:00000000f510e55c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 544.646622][T14079] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000200 [ 544.646633][T14079] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 544.646642][T14079] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 544.646652][T14079] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 544.646661][T14079] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 544.646683][T14079] [ 544.756657][ C2] hpet: Lost 5 RTC interrupts [ 544.822152][T14089] lo: entered allmulticast mode [ 544.835618][T14089] lo: left allmulticast mode [ 544.874283][T14095] lo: entered allmulticast mode [ 544.878571][T14094] lo: left allmulticast mode [ 545.155728][T14104] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2217'. [ 545.242171][ T5977] usb 5-1: new high-speed USB device number 74 using dummy_hcd [ 545.395327][ T5977] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 545.398757][ T5977] usb 5-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 545.401865][ T5977] usb 5-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 545.408079][ T5977] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.41 [ 545.411114][ T5977] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=11 [ 545.413780][ T5977] usb 5-1: Product: syz [ 545.415228][ T5977] usb 5-1: Manufacturer: syz [ 545.416784][ T5977] usb 5-1: SerialNumber: syz [ 545.623952][ T5977] usblp 5-1:1.0: usblp0: USB Unidirectional printer dev 74 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8 [ 545.893562][T12079] usb 5-1: USB disconnect, device number 74 [ 545.904884][T12079] usblp0: removed [ 545.937208][T14117] FAULT_INJECTION: forcing a failure. [ 545.937208][T14117] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 545.943301][T14117] CPU: 3 UID: 0 PID: 14117 Comm: syz.2.2219 Not tainted 6.15.0-rc7-syzkaller-00152-gd0c22de9995b #0 PREEMPT(full) [ 545.943324][T14117] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 545.943334][T14117] Call Trace: [ 545.943339][T14117] [ 545.943345][T14117] dump_stack_lvl+0x16c/0x1f0 [ 545.943373][T14117] should_fail_ex+0x512/0x640 [ 545.943414][T14117] _copy_from_user+0x2e/0xd0 [ 545.943431][T14117] kstrtouint_from_user+0xd6/0x1d0 [ 545.943450][T14117] ? __pfx_kstrtouint_from_user+0x10/0x10 [ 545.943468][T14117] ? __lock_acquire+0xaa4/0x1ba0 [ 545.943500][T14117] proc_fail_nth_write+0x83/0x250 [ 545.943523][T14117] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 545.943552][T14117] vfs_write+0x25c/0x1180 [ 545.943566][T14117] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 545.943592][T14117] ? __pfx___mutex_lock+0x10/0x10 [ 545.943616][T14117] ? __pfx_vfs_write+0x10/0x10 [ 545.943638][T14117] ? __fget_files+0x20e/0x3c0 [ 545.943660][T14117] ksys_write+0x12a/0x240 [ 545.943674][T14117] ? __pfx_ksys_write+0x10/0x10 [ 545.943691][T14117] ? rcu_is_watching+0x12/0xc0 [ 545.943709][T14117] __do_fast_syscall_32+0x73/0x120 [ 545.943735][T14117] do_fast_syscall_32+0x32/0x80 [ 545.943759][T14117] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 545.943778][T14117] RIP: 0023:0xf711e579 [ 545.943790][T14117] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 545.943805][T14117] RSP: 002b:00000000f510e590 EFLAGS: 00000293 ORIG_RAX: 0000000000000004 [ 545.943819][T14117] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 00000000f510e620 [ 545.943829][T14117] RDX: 0000000000000001 RSI: 00000000f7482ff4 RDI: 0000000000000000 [ 545.943838][T14117] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000 [ 545.943847][T14117] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 545.943856][T14117] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 545.943877][T14117] [ 545.952241][ T8129] Bluetooth: hci1: command 0x0c1a tx timeout [ 546.394261][ T29] usb 6-1: USB disconnect, device number 55 [ 546.620923][ T5938] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 546.627343][ T5938] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 546.631156][ T5938] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 546.635352][ T5938] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 546.639024][ T5938] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 546.680698][T14135] lo speed is unknown, defaulting to 1000 [ 546.684574][T14135] lo speed is unknown, defaulting to 1000 [ 546.913827][ T46] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 546.995174][T14135] chnl_net:caif_netlink_parms(): no params data found [ 547.059739][ T46] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 547.200930][ T46] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 547.210930][T14135] bridge0: port 1(bridge_slave_0) entered blocking state [ 547.214531][T14135] bridge0: port 1(bridge_slave_0) entered disabled state [ 547.217738][T14135] bridge_slave_0: entered allmulticast mode [ 547.220503][T14135] bridge_slave_0: entered promiscuous mode [ 547.227105][T14135] bridge0: port 2(bridge_slave_1) entered blocking state [ 547.230318][T14135] bridge0: port 2(bridge_slave_1) entered disabled state [ 547.237588][T14135] bridge_slave_1: entered allmulticast mode [ 547.241695][T14135] bridge_slave_1: entered promiscuous mode [ 547.260140][ T46] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 547.303843][T14135] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 547.309040][T14135] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 547.386276][T14135] team0: Port device team_slave_0 added [ 547.391961][T14135] team0: Port device team_slave_1 added [ 547.452536][T14135] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 547.455058][T14135] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 547.464044][T14135] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 547.473302][T14135] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 547.475621][T14135] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 547.486014][T14135] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 548.004420][ T46] bond0 (unregistering): Released all slaves [ 548.076439][ T46] bond1 (unregistering): Released all slaves [ 548.157596][T14135] hsr_slave_0: entered promiscuous mode [ 548.160074][T14135] hsr_slave_1: entered promiscuous mode [ 548.163533][T14135] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 548.167736][T14135] Cannot create hsr debugfs directory [ 548.554949][ T46] hsr_slave_0: left promiscuous mode [ 548.557654][ T46] hsr_slave_1: left promiscuous mode [ 548.589382][ T46] veth1_macvtap: left promiscuous mode [ 548.591137][ T46] veth0_macvtap: left promiscuous mode [ 548.592991][ T46] veth1_vlan: left promiscuous mode [ 548.594669][ T46] veth0_vlan: left promiscuous mode [ 548.662213][ T8129] Bluetooth: hci2: command tx timeout [ 550.113157][ T8129] Bluetooth: hci0: command 0x0406 tx timeout [ 550.361277][ T1457] lo speed is unknown, defaulting to 1000 [ 550.376636][T14212] macvlan0: entered allmulticast mode [ 550.376775][ T1457] infiniband syz2: ib_query_port failed (-19) [ 550.378630][T14212] veth1_vlan: entered allmulticast mode [ 550.500061][T14224] kvm: kvm [14223]: vcpu0, guest rIP: 0x28e Unhandled WRMSR(0x11e) = 0x3 [ 550.630736][T14135] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 550.658729][T14135] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 550.675277][T14135] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 550.680753][T14135] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 550.731133][T14135] 8021q: adding VLAN 0 to HW filter on device bond0 [ 550.744593][T14135] 8021q: adding VLAN 0 to HW filter on device team0 [ 550.750168][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 550.752242][ T8129] Bluetooth: hci2: command tx timeout [ 550.752492][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 550.764959][ T1138] bridge0: port 2(bridge_slave_1) entered blocking state [ 550.767232][ T1138] bridge0: port 2(bridge_slave_1) entered forwarding state [ 550.814060][ T46] IPVS: stop unused estimator thread 0... [ 550.938975][T14135] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 550.963975][T14135] veth0_vlan: entered promiscuous mode [ 550.971770][T14135] veth1_vlan: entered promiscuous mode [ 550.990880][T14135] veth0_macvtap: entered promiscuous mode [ 550.999345][T14135] veth1_macvtap: entered promiscuous mode [ 551.008130][T14135] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 551.015157][T14135] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 551.020555][T14135] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 551.025548][T14135] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 551.028868][T14135] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 551.031562][T14135] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 551.082262][ T84] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 551.084737][ T84] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 551.106873][ T84] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 551.109842][ T84] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 551.134091][T14258] FAULT_INJECTION: forcing a failure. [ 551.134091][T14258] name failslab, interval 1, probability 0, space 0, times 0 [ 551.138371][T14258] CPU: 2 UID: 0 PID: 14258 Comm: syz.0.2246 Not tainted 6.15.0-rc7-syzkaller-00152-gd0c22de9995b #0 PREEMPT(full) [ 551.138397][T14258] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 551.138403][T14258] Call Trace: [ 551.138407][T14258] [ 551.138412][T14258] dump_stack_lvl+0x16c/0x1f0 [ 551.138443][T14258] should_fail_ex+0x512/0x640 [ 551.138463][T14258] ? kmem_cache_alloc_node_noprof+0x5e/0x3b0 [ 551.138477][T14258] should_failslab+0xc2/0x120 [ 551.138490][T14258] kmem_cache_alloc_node_noprof+0x71/0x3b0 [ 551.138502][T14258] ? __alloc_skb+0x2b2/0x380 [ 551.138517][T14258] __alloc_skb+0x2b2/0x380 [ 551.138529][T14258] ? __pfx___alloc_skb+0x10/0x10 [ 551.138541][T14258] ? genl_rcv_msg+0x4bb/0x800 [ 551.138560][T14258] netlink_ack+0x15d/0xb80 [ 551.138574][T14258] ? __lock_acquire+0xaa4/0x1ba0 [ 551.138592][T14258] netlink_rcv_skb+0x347/0x440 [ 551.138606][T14258] ? __pfx_genl_rcv_msg+0x10/0x10 [ 551.138622][T14258] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 551.138643][T14258] ? __pfx_down_read+0x10/0x10 [ 551.138654][T14258] ? netlink_deliver_tap+0x1ae/0xd30 [ 551.138669][T14258] genl_rcv+0x28/0x40 [ 551.138683][T14258] netlink_unicast+0x53a/0x7f0 [ 551.138698][T14258] ? __pfx_netlink_unicast+0x10/0x10 [ 551.138716][T14258] netlink_sendmsg+0x8d1/0xdd0 [ 551.138732][T14258] ? __pfx_netlink_sendmsg+0x10/0x10 [ 551.138747][T14258] ? __import_iovec+0x1c8/0x660 [ 551.138760][T14258] ____sys_sendmsg+0xa95/0xc70 [ 551.138775][T14258] ? gfs2_seek_hole+0x74/0x270 [ 551.138790][T14258] ? __pfx_____sys_sendmsg+0x10/0x10 [ 551.138805][T14258] ? get_compat_msghdr+0x11a/0x170 [ 551.138823][T14258] ___sys_sendmsg+0x134/0x1d0 [ 551.138837][T14258] ? __pfx____sys_sendmsg+0x10/0x10 [ 551.138867][T14258] __sys_sendmsg+0x16d/0x220 [ 551.138880][T14258] ? __pfx___sys_sendmsg+0x10/0x10 [ 551.138897][T14258] ? rcu_is_watching+0x12/0xc0 [ 551.138909][T14258] ? rcu_is_watching+0x12/0xc0 [ 551.138920][T14258] __do_fast_syscall_32+0x73/0x120 [ 551.138937][T14258] do_fast_syscall_32+0x32/0x80 [ 551.138953][T14258] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 551.138966][T14258] RIP: 0023:0xf709e579 [ 551.138974][T14258] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 551.138985][T14258] RSP: 002b:00000000f508e55c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 551.138999][T14258] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000080000100 [ 551.139005][T14258] RDX: 0000000004008014 RSI: 0000000000000000 RDI: 0000000000000000 [ 551.139011][T14258] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 551.139017][T14258] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 551.139022][T14258] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 551.139035][T14258] [ 551.234811][ C2] vkms_vblank_simulate: vblank timer overrun [ 551.237199][ C2] hpet: Lost 5 RTC interrupts [ 552.325503][T14276] netlink: 'syz.0.2250': attribute type 13 has an invalid length. [ 552.331411][T14276] batman_adv: Cannot find parent device. Skipping batadv-on-batadv check for gretap3 [ 552.413571][T14276] gretap3: default qdisc (pfifo_fast) fail, fallback to noqueue [ 552.417485][T14276] gretap3: entered promiscuous mode [ 552.419705][T14276] gretap3: entered allmulticast mode [ 552.427912][ T40] audit: type=1326 audit(1748270465.077:1186): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14275 comm="syz.0.2250" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf709e579 code=0x0 [ 552.779794][T14284] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2253'. [ 552.780617][T14287] FAULT_INJECTION: forcing a failure. [ 552.780617][T14287] name failslab, interval 1, probability 0, space 0, times 0 [ 552.789036][T14287] CPU: 0 UID: 0 PID: 14287 Comm: syz.3.2254 Not tainted 6.15.0-rc7-syzkaller-00152-gd0c22de9995b #0 PREEMPT(full) [ 552.789061][T14287] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 552.789071][T14287] Call Trace: [ 552.789076][T14287] [ 552.789083][T14287] dump_stack_lvl+0x16c/0x1f0 [ 552.789113][T14287] should_fail_ex+0x512/0x640 [ 552.789138][T14287] ? kmem_cache_alloc_node_noprof+0x5e/0x3b0 [ 552.789162][T14287] should_failslab+0xc2/0x120 [ 552.789183][T14287] kmem_cache_alloc_node_noprof+0x71/0x3b0 [ 552.789204][T14287] ? __alloc_skb+0x2b2/0x380 [ 552.789228][T14287] __alloc_skb+0x2b2/0x380 [ 552.789247][T14287] ? __pfx___alloc_skb+0x10/0x10 [ 552.789283][T14287] qdisc_notify.isra.0+0xde/0x3f0 [ 552.789312][T14287] qdisc_graft+0xdc6/0x17c0 [ 552.789343][T14287] ? __pfx_qdisc_graft+0x10/0x10 [ 552.789371][T14287] ? rcu_is_watching+0x12/0xc0 [ 552.789388][T14287] ? qdisc_create+0x5b3/0xfa0 [ 552.789417][T14287] tc_modify_qdisc+0xf14/0x2100 [ 552.789451][T14287] ? __pfx_tc_modify_qdisc+0x10/0x10 [ 552.789497][T14287] ? __pfx_tc_modify_qdisc+0x10/0x10 [ 552.789524][T14287] rtnetlink_rcv_msg+0x3c9/0xe90 [ 552.789550][T14287] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 552.789584][T14287] netlink_rcv_skb+0x16d/0x440 [ 552.789607][T14287] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 552.789630][T14287] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 552.789667][T14287] ? netlink_deliver_tap+0x1ae/0xd30 [ 552.789694][T14287] netlink_unicast+0x53a/0x7f0 [ 552.789720][T14287] ? __pfx_netlink_unicast+0x10/0x10 [ 552.789774][T14287] netlink_sendmsg+0x8d1/0xdd0 [ 552.789805][T14287] ? __pfx_netlink_sendmsg+0x10/0x10 [ 552.789831][T14287] ? __import_iovec+0x1c8/0x660 [ 552.789855][T14287] ____sys_sendmsg+0xa95/0xc70 [ 552.789885][T14287] ? __pfx_____sys_sendmsg+0x10/0x10 [ 552.789910][T14287] ? get_compat_msghdr+0x11a/0x170 [ 552.789944][T14287] ___sys_sendmsg+0x134/0x1d0 [ 552.789968][T14287] ? __pfx____sys_sendmsg+0x10/0x10 [ 552.790027][T14287] __sys_sendmsg+0x16d/0x220 [ 552.790050][T14287] ? __pfx___sys_sendmsg+0x10/0x10 [ 552.790085][T14287] ? rcu_is_watching+0x12/0xc0 [ 552.790107][T14287] __do_fast_syscall_32+0x73/0x120 [ 552.790136][T14287] do_fast_syscall_32+0x32/0x80 [ 552.790163][T14287] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 552.790184][T14287] RIP: 0023:0xf7f27579 [ 552.790199][T14287] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 552.790214][T14287] RSP: 002b:00000000f504655c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 552.790231][T14287] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000800007c0 [ 552.790242][T14287] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 552.790260][T14287] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 552.790270][T14287] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 552.790279][T14287] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 552.790302][T14287] [ 552.822258][ T8129] Bluetooth: hci2: command tx timeout [ 553.289998][T14297] autofs: Bad value for 'fd' [ 553.518371][T14303] autofs: Bad value for 'fd' [ 553.575345][T14306] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2261'. [ 553.650397][T14306] 8021q: adding VLAN 0 to HW filter on device bond1 [ 553.654278][T14309] FAULT_INJECTION: forcing a failure. [ 553.654278][T14309] name failslab, interval 1, probability 0, space 0, times 0 [ 553.659433][T14309] CPU: 1 UID: 0 PID: 14309 Comm: syz.2.2261 Not tainted 6.15.0-rc7-syzkaller-00152-gd0c22de9995b #0 PREEMPT(full) [ 553.659470][T14309] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 553.659480][T14309] Call Trace: [ 553.659486][T14309] [ 553.659493][T14309] dump_stack_lvl+0x16c/0x1f0 [ 553.659523][T14309] should_fail_ex+0x512/0x640 [ 553.659548][T14309] ? __kvmalloc_node_noprof+0x122/0x600 [ 553.659570][T14309] should_failslab+0xc2/0x120 [ 553.659592][T14309] __kvmalloc_node_noprof+0x135/0x600 [ 553.659612][T14309] ? alloc_netdev_mqs+0xd2/0x1570 [ 553.659638][T14309] ? __pfx_ip6gre_tap_setup+0x10/0x10 [ 553.659660][T14309] ? alloc_netdev_mqs+0xd2/0x1570 [ 553.659680][T14309] alloc_netdev_mqs+0xd2/0x1570 [ 553.659709][T14309] rtnl_create_link+0xc10/0xfa0 [ 553.659735][T14309] rtnl_newlink+0xb69/0x2000 [ 553.659765][T14309] ? __pfx_rtnl_newlink+0x10/0x10 [ 553.659799][T14309] ? kfree_skbmem+0x1a4/0x1f0 [ 553.659838][T14309] ? rcu_is_watching+0x12/0xc0 [ 553.659857][T14309] ? trace_cap_capable+0x18d/0x200 [ 553.659885][T14309] ? find_held_lock+0x2b/0x80 [ 553.659900][T14309] ? __pfx_rtnl_newlink+0x10/0x10 [ 553.659921][T14309] ? __pfx_rtnl_newlink+0x10/0x10 [ 553.659940][T14309] ? rtnetlink_rcv_msg+0x93a/0xe90 [ 553.659964][T14309] ? __pfx_rtnl_newlink+0x10/0x10 [ 553.659987][T14309] rtnetlink_rcv_msg+0x95b/0xe90 [ 553.660011][T14309] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 553.660046][T14309] netlink_rcv_skb+0x16d/0x440 [ 553.660069][T14309] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 553.660094][T14309] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 553.660132][T14309] ? netlink_deliver_tap+0x1ae/0xd30 [ 553.660157][T14309] netlink_unicast+0x53a/0x7f0 [ 553.660178][T14309] ? __pfx_netlink_unicast+0x10/0x10 [ 553.660207][T14309] netlink_sendmsg+0x8d1/0xdd0 [ 553.660233][T14309] ? __pfx_netlink_sendmsg+0x10/0x10 [ 553.660260][T14309] ? __import_iovec+0x1c8/0x660 [ 553.660281][T14309] ____sys_sendmsg+0xa95/0xc70 [ 553.660306][T14309] ? __pfx_____sys_sendmsg+0x10/0x10 [ 553.660329][T14309] ? get_compat_msghdr+0x11a/0x170 [ 553.660356][T14309] ___sys_sendmsg+0x134/0x1d0 [ 553.660370][T14309] ? __pfx____sys_sendmsg+0x10/0x10 [ 553.660401][T14309] __sys_sendmsg+0x16d/0x220 [ 553.660414][T14309] ? __pfx___sys_sendmsg+0x10/0x10 [ 553.660434][T14309] ? rcu_is_watching+0x12/0xc0 [ 553.660446][T14309] __do_fast_syscall_32+0x73/0x120 [ 553.660463][T14309] do_fast_syscall_32+0x32/0x80 [ 553.660479][T14309] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 553.660492][T14309] RIP: 0023:0xf711e579 [ 553.660501][T14309] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 553.660511][T14309] RSP: 002b:00000000f50ed55c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 553.660521][T14309] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000800000c0 [ 553.660527][T14309] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 553.660533][T14309] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 553.660539][T14309] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 553.660544][T14309] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 553.660558][T14309] [ 554.192009][T14332] autofs: Bad value for 'fd' [ 554.231905][T14336] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2270'. [ 554.237935][T14336] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2270'. [ 554.294823][T14338] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2271'. [ 554.314810][T14333] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2268'. [ 554.335773][T14340] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2272'. [ 554.340376][T14340] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2272'. [ 554.344923][T14340] FAULT_INJECTION: forcing a failure. [ 554.344923][T14340] name failslab, interval 1, probability 0, space 0, times 0 [ 554.349889][T14340] CPU: 0 UID: 0 PID: 14340 Comm: syz.1.2272 Not tainted 6.15.0-rc7-syzkaller-00152-gd0c22de9995b #0 PREEMPT(full) [ 554.349915][T14340] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 554.349922][T14340] Call Trace: [ 554.349926][T14340] [ 554.349930][T14340] dump_stack_lvl+0x16c/0x1f0 [ 554.349949][T14340] should_fail_ex+0x512/0x640 [ 554.349965][T14340] ? kmem_cache_alloc_node_noprof+0x5e/0x3b0 [ 554.349979][T14340] should_failslab+0xc2/0x120 [ 554.349992][T14340] kmem_cache_alloc_node_noprof+0x71/0x3b0 [ 554.350004][T14340] ? __alloc_skb+0x2b2/0x380 [ 554.350019][T14340] __alloc_skb+0x2b2/0x380 [ 554.350030][T14340] ? __pfx___alloc_skb+0x10/0x10 [ 554.350041][T14340] ? __pfx_tc_ctl_chain+0x10/0x10 [ 554.350061][T14340] netlink_ack+0x15d/0xb80 [ 554.350079][T14340] netlink_rcv_skb+0x347/0x440 [ 554.350093][T14340] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 554.350113][T14340] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 554.350134][T14340] ? netlink_deliver_tap+0x1ae/0xd30 [ 554.350150][T14340] netlink_unicast+0x53a/0x7f0 [ 554.350165][T14340] ? __pfx_netlink_unicast+0x10/0x10 [ 554.350183][T14340] netlink_sendmsg+0x8d1/0xdd0 [ 554.350207][T14340] ? __pfx_netlink_sendmsg+0x10/0x10 [ 554.350221][T14340] ? __import_iovec+0x1c8/0x660 [ 554.350238][T14340] ____sys_sendmsg+0xa95/0xc70 [ 554.350255][T14340] ? __pfx_____sys_sendmsg+0x10/0x10 [ 554.350270][T14340] ? get_compat_msghdr+0x11a/0x170 [ 554.350288][T14340] ___sys_sendmsg+0x134/0x1d0 [ 554.350302][T14340] ? __pfx____sys_sendmsg+0x10/0x10 [ 554.350331][T14340] __sys_sendmsg+0x16d/0x220 [ 554.350344][T14340] ? __pfx___sys_sendmsg+0x10/0x10 [ 554.350361][T14340] ? rcu_is_watching+0x12/0xc0 [ 554.350372][T14340] ? rcu_is_watching+0x12/0xc0 [ 554.350384][T14340] __do_fast_syscall_32+0x73/0x120 [ 554.350401][T14340] do_fast_syscall_32+0x32/0x80 [ 554.350417][T14340] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 554.350430][T14340] RIP: 0023:0xf7f01579 [ 554.350438][T14340] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 554.350448][T14340] RSP: 002b:00000000f502655c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 554.350459][T14340] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000280 [ 554.350465][T14340] RDX: 0000000000004000 RSI: 0000000000000000 RDI: 0000000000000000 [ 554.350471][T14340] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 554.350477][T14340] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 554.350482][T14340] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 554.350495][T14340] [ 554.447073][T14341] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2271'. [ 554.452832][T14341] bridge_slave_0: entered promiscuous mode [ 554.456917][T14341] netlink: 'syz.0.2271': attribute type 4 has an invalid length. [ 554.479785][T14346] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2274'. [ 554.812160][ T5950] usb 6-1: new high-speed USB device number 56 using dummy_hcd [ 554.815325][T14357] FAULT_INJECTION: forcing a failure. [ 554.815325][T14357] name failslab, interval 1, probability 0, space 0, times 0 [ 554.820134][T14357] CPU: 0 UID: 0 PID: 14357 Comm: syz.3.2278 Not tainted 6.15.0-rc7-syzkaller-00152-gd0c22de9995b #0 PREEMPT(full) [ 554.820155][T14357] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 554.820166][T14357] Call Trace: [ 554.820176][T14357] [ 554.820183][T14357] dump_stack_lvl+0x16c/0x1f0 [ 554.820212][T14357] should_fail_ex+0x512/0x640 [ 554.820241][T14357] should_failslab+0xc2/0x120 [ 554.820262][T14357] __kmalloc_cache_noprof+0x6a/0x3e0 [ 554.820279][T14357] ? tipc_enable_bearer+0x89e/0x11e0 [ 554.820305][T14357] tipc_enable_bearer+0x89e/0x11e0 [ 554.820332][T14357] ? __pfx_tipc_enable_bearer+0x10/0x10 [ 554.820365][T14357] ? __nla_parse+0x40/0x60 [ 554.820385][T14357] __tipc_nl_bearer_enable+0x332/0x420 [ 554.820424][T14357] ? __pfx___tipc_nl_bearer_enable+0x10/0x10 [ 554.820456][T14357] ? __nla_parse+0x40/0x60 [ 554.820481][T14357] tipc_nl_bearer_enable+0x21/0x40 [ 554.820503][T14357] genl_family_rcv_msg_doit+0x206/0x2f0 [ 554.820531][T14357] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 554.820555][T14357] ? genl_get_cmd+0x194/0x580 [ 554.820585][T14357] ? __local_bh_enable_ip+0xa4/0x120 [ 554.820603][T14357] ? __dev_queue_xmit+0x896/0x43e0 [ 554.820618][T14357] ? __radix_tree_lookup+0x21f/0x2c0 [ 554.820645][T14357] genl_rcv_msg+0x55c/0x800 [ 554.820672][T14357] ? __pfx_genl_rcv_msg+0x10/0x10 [ 554.820695][T14357] ? __pfx___dev_queue_xmit+0x10/0x10 [ 554.820711][T14357] ? __pfx_tipc_nl_bearer_enable+0x10/0x10 [ 554.820735][T14357] ? __lock_acquire+0xaa4/0x1ba0 [ 554.820761][T14357] netlink_rcv_skb+0x16d/0x440 [ 554.820782][T14357] ? __pfx_genl_rcv_msg+0x10/0x10 [ 554.820807][T14357] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 554.820841][T14357] ? __pfx_down_read+0x10/0x10 [ 554.820858][T14357] ? netlink_deliver_tap+0x1ae/0xd30 [ 554.820882][T14357] genl_rcv+0x28/0x40 [ 554.820903][T14357] netlink_unicast+0x53a/0x7f0 [ 554.820927][T14357] ? __pfx_netlink_unicast+0x10/0x10 [ 554.820957][T14357] netlink_sendmsg+0x8d1/0xdd0 [ 554.820983][T14357] ? __pfx_netlink_sendmsg+0x10/0x10 [ 554.821007][T14357] ? __import_iovec+0x1c8/0x660 [ 554.821029][T14357] ____sys_sendmsg+0xa95/0xc70 [ 554.821056][T14357] ? __pfx_____sys_sendmsg+0x10/0x10 [ 554.821079][T14357] ? get_compat_msghdr+0x11a/0x170 [ 554.821110][T14357] ___sys_sendmsg+0x134/0x1d0 [ 554.821132][T14357] ? __pfx____sys_sendmsg+0x10/0x10 [ 554.821190][T14357] __sys_sendmsg+0x16d/0x220 [ 554.821210][T14357] ? __pfx___sys_sendmsg+0x10/0x10 [ 554.821238][T14357] ? rcu_is_watching+0x12/0xc0 [ 554.821256][T14357] ? rcu_is_watching+0x12/0xc0 [ 554.821274][T14357] __do_fast_syscall_32+0x73/0x120 [ 554.821301][T14357] do_fast_syscall_32+0x32/0x80 [ 554.821326][T14357] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 554.821346][T14357] RIP: 0023:0xf7f27579 [ 554.821359][T14357] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 554.821374][T14357] RSP: 002b:00000000f504655c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 554.821390][T14357] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000800001c0 [ 554.821400][T14357] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 554.821410][T14357] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 554.821419][T14357] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 554.821428][T14357] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 554.821451][T14357] [ 554.979503][ T5950] usb 6-1: Using ep0 maxpacket: 8 [ 554.982171][ T8129] Bluetooth: hci2: command tx timeout [ 554.983600][ T5950] usb 6-1: config index 0 descriptor too short (expected 301, got 45) [ 555.003491][ T5950] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 555.007836][ T5950] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 555.021509][ T5950] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 555.026673][ T5950] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 555.032682][ T5950] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 555.036439][ T5950] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 555.266505][T14378] lo speed is unknown, defaulting to 1000 [ 555.273961][ T5950] usb 6-1: GET_CAPABILITIES returned 0 [ 555.276931][ T5950] usbtmc 6-1:16.0: can't read capabilities [ 555.283760][T14380] netlink: 'syz.0.2286': attribute type 1 has an invalid length. [ 555.286268][T14380] netlink: 'syz.0.2286': attribute type 2 has an invalid length. [ 555.481011][ T5950] usb 6-1: USB disconnect, device number 56 [ 555.709262][T14350] batman_adv: Cannot find parent device. Skipping batadv-on-batadv check for ip6gretap1 [ 555.749766][T14400] tipc: Started in network mode [ 555.751578][T14400] tipc: Node identity ac141413, cluster identity 4711 [ 555.757933][T14400] tipc: Enabled bearer , priority 10 [ 555.966981][T14406] FAULT_INJECTION: forcing a failure. [ 555.966981][T14406] name failslab, interval 1, probability 0, space 0, times 0 [ 555.971029][T14406] CPU: 0 UID: 0 PID: 14406 Comm: syz.0.2295 Not tainted 6.15.0-rc7-syzkaller-00152-gd0c22de9995b #0 PREEMPT(full) [ 555.971044][T14406] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 555.971050][T14406] Call Trace: [ 555.971055][T14406] [ 555.971059][T14406] dump_stack_lvl+0x16c/0x1f0 [ 555.971146][T14406] should_fail_ex+0x512/0x640 [ 555.971180][T14406] ? kmem_cache_alloc_node_noprof+0x5e/0x3b0 [ 555.971195][T14406] should_failslab+0xc2/0x120 [ 555.971209][T14406] kmem_cache_alloc_node_noprof+0x71/0x3b0 [ 555.971227][T14406] ? __alloc_skb+0x2b2/0x380 [ 555.971243][T14406] __alloc_skb+0x2b2/0x380 [ 555.971255][T14406] ? __pfx___alloc_skb+0x10/0x10 [ 555.971266][T14406] ? __mutex_trylock_common+0x90/0x250 [ 555.971283][T14406] ? __pfx___mutex_trylock_common+0x10/0x10 [ 555.971300][T14406] netlink_dump+0x698/0xd00 [ 555.971314][T14406] ? __mutex_lock+0x1ca/0xb90 [ 555.971330][T14406] ? __pfx_netlink_dump+0x10/0x10 [ 555.971343][T14406] ? __rhashtable_lookup.constprop.0+0x3a5/0x760 [ 555.971356][T14406] ? __netlink_dump_start+0x150/0x990 [ 555.971374][T14406] ? netlink_lookup+0x258/0x520 [ 555.971387][T14406] ? __pfx_netlink_lookup+0x10/0x10 [ 555.971403][T14406] __netlink_dump_start+0x6d6/0x990 [ 555.971418][T14406] ? __pfx_tc_dump_tfilter+0x10/0x10 [ 555.971433][T14406] rtnetlink_rcv_msg+0xb3e/0xe90 [ 555.971447][T14406] ? __pfx_tc_dump_tfilter+0x10/0x10 [ 555.971473][T14406] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 555.971487][T14406] ? __pfx_rtnl_dumpit+0x10/0x10 [ 555.971497][T14406] ? __pfx_tc_dump_tfilter+0x10/0x10 [ 555.971516][T14406] netlink_rcv_skb+0x16d/0x440 [ 555.971530][T14406] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 555.971545][T14406] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 555.971566][T14406] ? netlink_deliver_tap+0x1ae/0xd30 [ 555.971582][T14406] netlink_unicast+0x53a/0x7f0 [ 555.971598][T14406] ? __pfx_netlink_unicast+0x10/0x10 [ 555.971611][T14406] ? __build_skb_around+0x278/0x3b0 [ 555.971623][T14406] ? __build_skb+0x6e/0x90 [ 555.971634][T14406] ? is_vmalloc_addr+0x30/0x40 [ 555.971648][T14406] netlink_sendmsg+0x8d1/0xdd0 [ 555.971664][T14406] ? __pfx_netlink_sendmsg+0x10/0x10 [ 555.971680][T14406] ? __import_iovec+0x1c8/0x660 [ 555.971694][T14406] ____sys_sendmsg+0xa95/0xc70 [ 555.971711][T14406] ? __pfx_____sys_sendmsg+0x10/0x10 [ 555.971727][T14406] ? get_compat_msghdr+0x11a/0x170 [ 555.971745][T14406] ___sys_sendmsg+0x134/0x1d0 [ 555.971759][T14406] ? __pfx____sys_sendmsg+0x10/0x10 [ 555.971789][T14406] __sys_sendmsg+0x16d/0x220 [ 555.971803][T14406] ? __pfx___sys_sendmsg+0x10/0x10 [ 555.971822][T14406] ? rcu_is_watching+0x12/0xc0 [ 555.971835][T14406] __do_fast_syscall_32+0x73/0x120 [ 555.971852][T14406] do_fast_syscall_32+0x32/0x80 [ 555.971868][T14406] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 555.971882][T14406] RIP: 0023:0xf709e579 [ 555.971890][T14406] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 555.971901][T14406] RSP: 002b:00000000f508e55c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 555.971911][T14406] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000100 [ 555.971918][T14406] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 555.971924][T14406] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 555.971930][T14406] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 555.971936][T14406] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 555.971949][T14406] [ 556.121685][ T40] audit: type=1800 audit(1748270468.767:1187): pid=14417 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.2298" name="bus" dev="overlay" ino=3309 res=0 errno=0 [ 556.642276][T14429] befs: (loop1): No write support. Marking filesystem read-only [ 556.645263][T14429] syz.0.2299: attempt to access beyond end of device [ 556.645263][T14429] loop1: rw=0, sector=0, nr_sectors = 2 limit=0 [ 556.649165][T14429] befs: (loop1): unable to read superblock [ 556.692318][ T29] usb 6-1: new high-speed USB device number 57 using dummy_hcd [ 556.783625][ T6053] tipc: Node number set to 2886997011 [ 556.852304][ T29] usb 6-1: Using ep0 maxpacket: 8 [ 556.858447][ T29] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 556.863298][ T29] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 556.867553][ T29] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 556.871651][ T29] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 556.879707][ T29] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 556.883655][ T29] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 557.096345][ T29] usb 6-1: GET_CAPABILITIES returned 0 [ 557.098264][ T29] usbtmc 6-1:16.0: can't read capabilities [ 557.236936][T14433] IPVS: set_ctl: invalid protocol: 137 224.0.0.2:20000 [ 557.297552][T14438] /dev/nullb0: Can't open blockdev [ 557.399131][T14445] cgroup: Unknown subsys name 'noxattr' [ 557.874700][ T29] usb 6-1: USB disconnect, device number 57 [ 558.061477][T14460] /dev/nullb0: Can't open blockdev [ 558.315654][T14464] FAULT_INJECTION: forcing a failure. [ 558.315654][T14464] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 558.320893][T14464] CPU: 3 UID: 0 PID: 14464 Comm: syz.2.2313 Not tainted 6.15.0-rc7-syzkaller-00152-gd0c22de9995b #0 PREEMPT(full) [ 558.320916][T14464] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 558.320925][T14464] Call Trace: [ 558.320932][T14464] [ 558.320939][T14464] dump_stack_lvl+0x16c/0x1f0 [ 558.320967][T14464] should_fail_ex+0x512/0x640 [ 558.320993][T14464] _copy_to_user+0x32/0xd0 [ 558.321012][T14464] simple_read_from_buffer+0xcb/0x170 [ 558.321037][T14464] proc_fail_nth_read+0x197/0x270 [ 558.321060][T14464] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 558.321083][T14464] ? rw_verify_area+0xcf/0x680 [ 558.321106][T14464] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 558.321128][T14464] vfs_read+0x1de/0xc70 [ 558.321147][T14464] ? __pfx___mutex_lock+0x10/0x10 [ 558.321169][T14464] ? __pfx_vfs_read+0x10/0x10 [ 558.321191][T14464] ? __fget_files+0x20e/0x3c0 [ 558.321215][T14464] ksys_read+0x12a/0x240 [ 558.321238][T14464] ? __pfx_ksys_read+0x10/0x10 [ 558.321255][T14464] ? rcu_is_watching+0x12/0xc0 [ 558.321275][T14464] __do_fast_syscall_32+0x73/0x120 [ 558.321300][T14464] do_fast_syscall_32+0x32/0x80 [ 558.321322][T14464] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 558.321342][T14464] RIP: 0023:0xf711e579 [ 558.321355][T14464] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 558.321369][T14464] RSP: 002b:00000000f510e590 EFLAGS: 00000293 ORIG_RAX: 0000000000000003 [ 558.321385][T14464] RAX: ffffffffffffffda RBX: 0000000000000009 RCX: 00000000f510e620 [ 558.321395][T14464] RDX: 000000000000000f RSI: 00000000f7482ff4 RDI: 0000000000000000 [ 558.321405][T14464] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000 [ 558.321414][T14464] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 558.321424][T14464] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 558.321447][T14464] [ 559.199029][T14478] lo speed is unknown, defaulting to 1000 [ 559.403012][T14485] __nla_validate_parse: 8 callbacks suppressed [ 559.403023][T14485] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2319'. [ 559.406875][T14484] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2319'. [ 559.599787][ T5938] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 559.604737][ T5938] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 559.608204][ T5938] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 559.611945][ T5938] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 559.614943][ T5938] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 559.639120][T14494] lo speed is unknown, defaulting to 1000 [ 559.697003][T14496] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2322'. [ 559.730811][T14494] chnl_net:caif_netlink_parms(): no params data found [ 559.855255][T14494] bridge0: port 1(bridge_slave_0) entered blocking state [ 559.857769][T14494] bridge0: port 1(bridge_slave_0) entered disabled state [ 559.860282][T14494] bridge_slave_0: entered allmulticast mode [ 559.863878][T14494] bridge_slave_0: entered promiscuous mode [ 559.867036][T14494] bridge0: port 2(bridge_slave_1) entered blocking state [ 559.869941][T14494] bridge0: port 2(bridge_slave_1) entered disabled state [ 559.872600][T14494] bridge_slave_1: entered allmulticast mode [ 559.875497][T14494] bridge_slave_1: entered promiscuous mode [ 559.920873][T14494] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 559.930240][T14494] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 559.959819][T14506] lo speed is unknown, defaulting to 1000 [ 559.995417][T14494] team0: Port device team_slave_0 added [ 560.007611][T14494] team0: Port device team_slave_1 added [ 560.068712][T14494] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 560.071511][T14494] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 560.082272][T14494] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 560.090505][T14494] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 560.093448][T14494] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 560.104415][T14494] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 560.158085][T14494] hsr_slave_0: entered promiscuous mode [ 560.160525][T14494] hsr_slave_1: entered promiscuous mode [ 560.163090][T14494] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 560.165533][T14494] Cannot create hsr debugfs directory [ 560.302917][T14494] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 560.429723][T14494] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 560.517408][T14494] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 560.638342][T14494] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 560.819516][T14494] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 560.828190][T14494] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 560.835682][T14494] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 560.842344][T14494] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 560.901801][T14494] 8021q: adding VLAN 0 to HW filter on device bond0 [ 560.919902][T14494] 8021q: adding VLAN 0 to HW filter on device team0 [ 560.926876][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 560.929345][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 560.937599][ T46] bridge0: port 2(bridge_slave_1) entered blocking state [ 560.939881][ T46] bridge0: port 2(bridge_slave_1) entered forwarding state [ 561.060263][T14494] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 561.091214][T14494] veth0_vlan: entered promiscuous mode [ 561.096704][T14494] veth1_vlan: entered promiscuous mode [ 561.124797][T14494] veth0_macvtap: entered promiscuous mode [ 561.130257][T14494] veth1_macvtap: entered promiscuous mode [ 561.146336][T14494] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 561.156931][T14494] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 561.161594][T14494] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 561.164732][T14494] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 561.167655][T14494] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 561.171199][T14494] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 561.230578][ T1141] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 561.242861][ T1141] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 561.264441][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 561.267023][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 561.320293][ T40] audit: type=1326 audit(1748270473.967:1188): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14528 comm="syz.0.2320" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf707e579 code=0x0 [ 561.622252][ T8129] Bluetooth: hci0: command tx timeout [ 562.373971][ T1417] ieee802154 phy1 wpan1: encryption failed: -22 [ 562.892318][T14568] ieee802154 phy1 wpan1: encryption failed: -22 [ 562.933927][T14571] FAULT_INJECTION: forcing a failure. [ 562.933927][T14571] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 562.938200][T14571] CPU: 3 UID: 0 PID: 14571 Comm: syz.2.2339 Not tainted 6.15.0-rc7-syzkaller-00152-gd0c22de9995b #0 PREEMPT(full) [ 562.938216][T14571] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 562.938223][T14571] Call Trace: [ 562.938227][T14571] [ 562.938232][T14571] dump_stack_lvl+0x16c/0x1f0 [ 562.938251][T14571] should_fail_ex+0x512/0x640 [ 562.938269][T14571] _copy_from_iter+0x2a4/0x15b0 [ 562.938289][T14571] ? __pfx__copy_from_iter+0x10/0x10 [ 562.938306][T14571] ? find_held_lock+0x2b/0x80 [ 562.938319][T14571] ? raw_sendmsg+0x14c/0x810 [ 562.938333][T14571] ? rcu_is_watching+0x12/0xc0 [ 562.938344][T14571] ? __local_bh_enable_ip+0xa4/0x120 [ 562.938358][T14571] raw_sendmsg+0x506/0x810 [ 562.938373][T14571] ? __pfx_raw_sendmsg+0x10/0x10 [ 562.938388][T14571] ? __import_iovec+0x1c8/0x660 [ 562.938401][T14571] ____sys_sendmsg+0xa95/0xc70 [ 562.938419][T14571] ? __pfx_____sys_sendmsg+0x10/0x10 [ 562.938435][T14571] ? get_compat_msghdr+0x11a/0x170 [ 562.938453][T14571] ___sys_sendmsg+0x134/0x1d0 [ 562.938467][T14571] ? __pfx____sys_sendmsg+0x10/0x10 [ 562.938496][T14571] __sys_sendmsg+0x16d/0x220 [ 562.938510][T14571] ? __pfx___sys_sendmsg+0x10/0x10 [ 562.938528][T14571] ? rcu_is_watching+0x12/0xc0 [ 562.938540][T14571] __do_fast_syscall_32+0x73/0x120 [ 562.938558][T14571] do_fast_syscall_32+0x32/0x80 [ 562.938574][T14571] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 562.938588][T14571] RIP: 0023:0xf711e579 [ 562.938596][T14571] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 562.938607][T14571] RSP: 002b:00000000f510e55c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 562.938617][T14571] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000080000080 [ 562.938624][T14571] RDX: 0000000020044094 RSI: 0000000000000000 RDI: 0000000000000000 [ 562.938630][T14571] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 562.938635][T14571] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 562.938641][T14571] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 562.938654][T14571] [ 562.966485][T14554] bridge_slave_0: left allmulticast mode [ 563.005630][T14576] QAT: Invalid ioctl 21531 [ 563.006699][T14554] bridge_slave_0: left promiscuous mode [ 563.006823][T14554] bridge0: port 1(bridge_slave_0) entered disabled state [ 563.041602][T14554] bridge_slave_1: left allmulticast mode [ 563.043477][T14554] bridge_slave_1: left promiscuous mode [ 563.045955][T14554] bridge0: port 2(bridge_slave_1) entered disabled state [ 563.051706][T14554] bond0: (slave bond_slave_0): Releasing backup interface [ 563.054764][T14554] bond_slave_0: left promiscuous mode [ 563.058653][T14554] bond0: (slave bond_slave_1): Releasing backup interface [ 563.061732][T14554] bond_slave_1: left promiscuous mode [ 563.064543][T14554] team_slave_0: left promiscuous mode [ 563.072894][T14554] team0: Port device team_slave_0 removed [ 563.075262][T14554] team_slave_1: left promiscuous mode [ 563.091372][T14554] team0: Port device team_slave_1 removed [ 563.094619][T14554] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 563.097509][T14554] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 563.101397][T14554] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 563.104456][T14554] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 563.133472][T14554] netlink: 'syz.3.2333': attribute type 23 has an invalid length. [ 563.204578][T14580] netlink: 'syz.1.2341': attribute type 12 has an invalid length. [ 563.209230][T14580] netlink: 'syz.1.2341': attribute type 29 has an invalid length. [ 563.211946][T14580] netlink: 148 bytes leftover after parsing attributes in process `syz.1.2341'. [ 563.215276][T14580] netlink: 'syz.1.2341': attribute type 2 has an invalid length. [ 563.217630][T14580] netlink: 'syz.1.2341': attribute type 3 has an invalid length. [ 563.220098][T14580] netlink: 31 bytes leftover after parsing attributes in process `syz.1.2341'. [ 563.684182][T14591] lo speed is unknown, defaulting to 1000 [ 563.703156][ T8129] Bluetooth: hci0: command 0x041b tx timeout [ 563.902797][T14595] FAULT_INJECTION: forcing a failure. [ 563.902797][T14595] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 563.912284][T14595] CPU: 2 UID: 0 PID: 14595 Comm: syz.0.2344 Not tainted 6.15.0-rc7-syzkaller-00152-gd0c22de9995b #0 PREEMPT(full) [ 563.912301][T14595] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 563.912307][T14595] Call Trace: [ 563.912312][T14595] [ 563.912317][T14595] dump_stack_lvl+0x16c/0x1f0 [ 563.912336][T14595] should_fail_ex+0x512/0x640 [ 563.912355][T14595] _copy_to_user+0x32/0xd0 [ 563.912367][T14595] simple_read_from_buffer+0xcb/0x170 [ 563.912384][T14595] proc_fail_nth_read+0x197/0x270 [ 563.912400][T14595] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 563.912416][T14595] ? rw_verify_area+0xcf/0x680 [ 563.912432][T14595] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 563.912447][T14595] vfs_read+0x1de/0xc70 [ 563.912460][T14595] ? __pfx___mutex_lock+0x10/0x10 [ 563.912476][T14595] ? __pfx_vfs_read+0x10/0x10 [ 563.912490][T14595] ? __fget_files+0x20e/0x3c0 [ 563.912504][T14595] ksys_read+0x12a/0x240 [ 563.912514][T14595] ? __pfx_ksys_read+0x10/0x10 [ 563.912523][T14595] ? rcu_is_watching+0x12/0xc0 [ 563.912535][T14595] ? rcu_is_watching+0x12/0xc0 [ 563.912547][T14595] __do_fast_syscall_32+0x73/0x120 [ 563.912564][T14595] do_fast_syscall_32+0x32/0x80 [ 563.912581][T14595] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 563.912594][T14595] RIP: 0023:0xf707e579 [ 563.912603][T14595] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 563.912614][T14595] RSP: 002b:00000000f504d590 EFLAGS: 00000293 ORIG_RAX: 0000000000000003 [ 563.912624][T14595] RAX: ffffffffffffffda RBX: 000000000000000e RCX: 00000000f504d620 [ 563.912631][T14595] RDX: 000000000000000f RSI: 00000000f73e2ff4 RDI: 0000000000000000 [ 563.912637][T14595] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000 [ 563.912643][T14595] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000 [ 563.912649][T14595] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 563.912662][T14595] [ 563.984335][ C2] hpet: Lost 3 RTC interrupts [ 564.073065][T14604] FAULT_INJECTION: forcing a failure. [ 564.073065][T14604] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 564.078602][T14604] CPU: 0 UID: 0 PID: 14604 Comm: syz.2.2348 Not tainted 6.15.0-rc7-syzkaller-00152-gd0c22de9995b #0 PREEMPT(full) [ 564.078627][T14604] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 564.078638][T14604] Call Trace: [ 564.078645][T14604] [ 564.078653][T14604] dump_stack_lvl+0x16c/0x1f0 [ 564.078684][T14604] should_fail_ex+0x512/0x640 [ 564.078714][T14604] _copy_from_iter+0x2a4/0x15b0 [ 564.078747][T14604] ? __pfx__copy_from_iter+0x10/0x10 [ 564.078775][T14604] ? find_held_lock+0x2b/0x80 [ 564.078793][T14604] ? raw_sendmsg+0x14c/0x810 [ 564.078834][T14604] ? rcu_is_watching+0x12/0xc0 [ 564.078856][T14604] ? __local_bh_enable_ip+0xa4/0x120 [ 564.078880][T14604] raw_sendmsg+0x506/0x810 [ 564.078906][T14604] ? __pfx_raw_sendmsg+0x10/0x10 [ 564.078930][T14604] ? __import_iovec+0x1c8/0x660 [ 564.078952][T14604] ____sys_sendmsg+0xa95/0xc70 [ 564.078982][T14604] ? __pfx_____sys_sendmsg+0x10/0x10 [ 564.079007][T14604] ? get_compat_msghdr+0x11a/0x170 [ 564.079039][T14604] ___sys_sendmsg+0x134/0x1d0 [ 564.079063][T14604] ? __pfx____sys_sendmsg+0x10/0x10 [ 564.079115][T14604] __sys_sendmsg+0x16d/0x220 [ 564.079137][T14604] ? __pfx___sys_sendmsg+0x10/0x10 [ 564.079169][T14604] ? rcu_is_watching+0x12/0xc0 [ 564.079190][T14604] __do_fast_syscall_32+0x73/0x120 [ 564.079218][T14604] do_fast_syscall_32+0x32/0x80 [ 564.079244][T14604] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 564.079265][T14604] RIP: 0023:0xf711e579 [ 564.079279][T14604] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 564.079295][T14604] RSP: 002b:00000000f510e55c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 564.079312][T14604] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000080000080 [ 564.079323][T14604] RDX: 0000000020044094 RSI: 0000000000000000 RDI: 0000000000000000 [ 564.079333][T14604] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 564.079343][T14604] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 564.079353][T14604] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 564.079376][T14604] [ 564.206759][T14606] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2349'. [ 564.309881][T14606] syz.2.2349 (14606) used greatest stack depth: 19896 bytes left [ 564.480741][T14611] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2350'. [ 564.507939][T10371] IPVS: starting estimator thread 0... [ 564.629405][T14620] FAULT_INJECTION: forcing a failure. [ 564.629405][T14620] name failslab, interval 1, probability 0, space 0, times 0 [ 564.630115][T14618] IPVS: using max 45 ests per chain, 108000 per kthread [ 564.634446][T14620] CPU: 0 UID: 0 PID: 14620 Comm: syz.0.2353 Not tainted 6.15.0-rc7-syzkaller-00152-gd0c22de9995b #0 PREEMPT(full) [ 564.634462][T14620] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 564.634468][T14620] Call Trace: [ 564.634472][T14620] [ 564.634487][T14620] dump_stack_lvl+0x16c/0x1f0 [ 564.634508][T14620] should_fail_ex+0x512/0x640 [ 564.634525][T14620] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 564.634538][T14620] should_failslab+0xc2/0x120 [ 564.634552][T14620] __kmalloc_cache_noprof+0x6a/0x3e0 [ 564.634563][T14620] ? find_get_pmu_context+0x90/0xab0 [ 564.634582][T14620] find_get_pmu_context+0x90/0xab0 [ 564.634601][T14620] perf_event_create_kernel_counter+0x267/0x580 [ 564.634617][T14620] ptrace_register_breakpoint+0x1bb/0x1d0 [ 564.634630][T14620] ? __pfx_ptrace_register_breakpoint+0x10/0x10 [ 564.634642][T14620] ? __lock_acquire+0xaa4/0x1ba0 [ 564.634663][T14620] ? do_raw_spin_lock+0x12c/0x2b0 [ 564.634679][T14620] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 564.634698][T14620] ptrace_write_dr7+0x2b1/0x470 [ 564.634711][T14620] ? __pfx_ptrace_write_dr7+0x10/0x10 [ 564.634721][T14620] ? rcu_is_watching+0x12/0xc0 [ 564.634731][T14620] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 564.634746][T14620] ? lockdep_hardirqs_on+0x7c/0x110 [ 564.634761][T14620] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 564.634775][T14620] ? wait_task_inactive+0x432/0x6f0 [ 564.634790][T14620] putreg32+0x1d0/0x700 [ 564.634801][T14620] compat_arch_ptrace+0x1e9/0x3a0 [ 564.634813][T14620] ? __pfx_compat_arch_ptrace+0x10/0x10 [ 564.634823][T14620] ? mark_held_locks+0x49/0x80 [ 564.634845][T14620] __ia32_compat_sys_ptrace+0x269/0x2e0 [ 564.634861][T14620] __do_fast_syscall_32+0x73/0x120 [ 564.634878][T14620] do_fast_syscall_32+0x32/0x80 [ 564.634894][T14620] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 564.634907][T14620] RIP: 0023:0xf707e579 [ 564.634916][T14620] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 564.634926][T14620] RSP: 002b:00000000f504d55c EFLAGS: 00000296 ORIG_RAX: 000000000000001a [ 564.634936][T14620] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000000000015 [ 564.634943][T14620] RDX: 0000000000000118 RSI: 0000000040000089 RDI: 0000000000000000 [ 564.634949][T14620] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 564.634955][T14620] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 564.634961][T14620] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 564.634974][T14620] [ 564.635508][T14623] FAULT_INJECTION: forcing a failure. [ 564.635508][T14623] name failslab, interval 1, probability 0, space 0, times 0 [ 564.746987][T14623] CPU: 3 UID: 0 PID: 14623 Comm: syz.1.2354 Not tainted 6.15.0-rc7-syzkaller-00152-gd0c22de9995b #0 PREEMPT(full) [ 564.747012][T14623] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 564.747023][T14623] Call Trace: [ 564.747029][T14623] [ 564.747037][T14623] dump_stack_lvl+0x16c/0x1f0 [ 564.747066][T14623] should_fail_ex+0x512/0x640 [ 564.747106][T14623] ? fs_reclaim_acquire+0xae/0x150 [ 564.747136][T14623] ? tomoyo_encode2+0x30b/0x3e0 [ 564.747159][T14623] should_failslab+0xc2/0x120 [ 564.747180][T14623] __kmalloc_noprof+0xd2/0x510 [ 564.747205][T14623] tomoyo_encode2+0x30b/0x3e0 [ 564.747233][T14623] tomoyo_encode+0x29/0x50 [ 564.747256][T14623] tomoyo_mount_acl+0x144/0x850 [ 564.747278][T14623] ? kernel_text_address+0x8d/0x100 [ 564.747293][T14623] ? do_raw_spin_lock+0x12c/0x2b0 [ 564.747318][T14623] ? __kernel_text_address+0xd/0x40 [ 564.747334][T14623] ? unwind_get_return_address+0x59/0xa0 [ 564.747355][T14623] ? arch_stack_walk+0xa6/0x100 [ 564.747378][T14623] ? __pfx_tomoyo_mount_acl+0x10/0x10 [ 564.747431][T14623] ? tomoyo_domain+0xbb/0x150 [ 564.747446][T14623] ? tomoyo_profile+0x47/0x60 [ 564.747465][T14623] tomoyo_mount_permission+0x16d/0x420 [ 564.747488][T14623] ? tomoyo_mount_permission+0x14f/0x420 [ 564.747513][T14623] ? __pfx_tomoyo_mount_permission+0x10/0x10 [ 564.747553][T14623] security_sb_mount+0x9b/0x260 [ 564.747576][T14623] path_mount+0x128/0x1f20 [ 564.747597][T14623] ? kmem_cache_free+0x2d4/0x4d0 [ 564.747614][T14623] ? __pfx_path_mount+0x10/0x10 [ 564.747636][T14623] ? putname+0x154/0x1a0 [ 564.747659][T14623] __ia32_sys_mount+0x28b/0x310 [ 564.747679][T14623] ? __pfx___ia32_sys_mount+0x10/0x10 [ 564.747696][T14623] ? rcu_is_watching+0x12/0xc0 [ 564.747715][T14623] ? rcu_is_watching+0x12/0xc0 [ 564.747732][T14623] __do_fast_syscall_32+0x73/0x120 [ 564.747758][T14623] do_fast_syscall_32+0x32/0x80 [ 564.747782][T14623] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 564.747802][T14623] RIP: 0023:0xf7f01579 [ 564.747815][T14623] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 564.747831][T14623] RSP: 002b:00000000f502655c EFLAGS: 00000296 ORIG_RAX: 0000000000000015 [ 564.747856][T14623] RAX: ffffffffffffffda RBX: 00000000800000c0 RCX: 0000000080000000 [ 564.747868][T14623] RDX: 0000000080000100 RSI: 0000000000208082 RDI: 0000000000000000 [ 564.747878][T14623] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 564.747888][T14623] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 564.747898][T14623] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 564.747922][T14623] [ 565.154175][T14632] netlink: 88 bytes leftover after parsing attributes in process `syz.0.2357'. [ 565.652150][ T1324] usb 5-1: new high-speed USB device number 75 using dummy_hcd [ 565.667394][T14641] 9p: Unknown uid 00000000004294967295 [ 565.782262][ T8129] Bluetooth: hci0: command 0x041b tx timeout [ 565.820653][ T1324] usb 5-1: Using ep0 maxpacket: 16 [ 565.825227][ T1324] usb 5-1: config 0 has an invalid interface number: 8 but max is 0 [ 565.827710][T14644] FAULT_INJECTION: forcing a failure. [ 565.827710][T14644] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 565.828559][ T1324] usb 5-1: config 0 has no interface number 0 [ 565.832675][T14644] CPU: 0 UID: 0 PID: 14644 Comm: syz.1.2361 Not tainted 6.15.0-rc7-syzkaller-00152-gd0c22de9995b #0 PREEMPT(full) [ 565.832690][T14644] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 565.832697][T14644] Call Trace: [ 565.832701][T14644] [ 565.832705][T14644] dump_stack_lvl+0x16c/0x1f0 [ 565.832724][T14644] should_fail_ex+0x512/0x640 [ 565.832742][T14644] _copy_to_user+0x32/0xd0 [ 565.832754][T14644] simple_read_from_buffer+0xcb/0x170 [ 565.832772][T14644] proc_fail_nth_read+0x197/0x270 [ 565.832788][T14644] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 565.832803][T14644] ? rw_verify_area+0xcf/0x680 [ 565.832819][T14644] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 565.832834][T14644] vfs_read+0x1de/0xc70 [ 565.832846][T14644] ? __pfx___mutex_lock+0x10/0x10 [ 565.832862][T14644] ? __pfx_vfs_read+0x10/0x10 [ 565.832876][T14644] ? __fget_files+0x20e/0x3c0 [ 565.832889][T14644] ksys_read+0x12a/0x240 [ 565.832904][T14644] ? __pfx_ksys_read+0x10/0x10 [ 565.832915][T14644] ? rcu_is_watching+0x12/0xc0 [ 565.832928][T14644] __do_fast_syscall_32+0x73/0x120 [ 565.832945][T14644] do_fast_syscall_32+0x32/0x80 [ 565.832961][T14644] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 565.832975][T14644] RIP: 0023:0xf7f01579 [ 565.832984][T14644] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 565.832994][T14644] RSP: 002b:00000000f5026590 EFLAGS: 00000293 ORIG_RAX: 0000000000000003 [ 565.833004][T14644] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000f5026620 [ 565.833011][T14644] RDX: 000000000000000f RSI: 00000000f7392ff4 RDI: 0000000000000000 [ 565.833017][T14644] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000 [ 565.833022][T14644] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000 [ 565.833028][T14644] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 565.833041][T14644] [ 565.909938][ T1324] usb 5-1: config 0 interface 8 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 565.914365][ T1324] usb 5-1: config 0 interface 8 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 565.919135][ T1324] usb 5-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f [ 565.921952][ T1324] usb 5-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3 [ 565.924987][ T1324] usb 5-1: Product: syz [ 565.926337][ T1324] usb 5-1: SerialNumber: syz [ 565.928933][ T1324] usb 5-1: config 0 descriptor?? [ 565.934351][ T1324] cm109 5-1:0.8: invalid payload size 0, expected 4 [ 565.938379][ T1324] input: CM109 USB driver as /devices/platform/dummy_hcd.0/usb5/5-1/5-1:0.8/input/input11 [ 566.086010][T14651] netlink: 'syz.1.2364': attribute type 12 has an invalid length. [ 566.088518][T14651] netlink: 'syz.1.2364': attribute type 29 has an invalid length. [ 566.091457][T14651] netlink: 148 bytes leftover after parsing attributes in process `syz.1.2364'. [ 566.094412][T14651] netlink: 51 bytes leftover after parsing attributes in process `syz.1.2364'. [ 566.128357][T14653] netlink: 'syz.1.2365': attribute type 1 has an invalid length. [ 566.130943][T14653] netlink: 'syz.1.2365': attribute type 3 has an invalid length. [ 566.133619][T14653] netlink: 224 bytes leftover after parsing attributes in process `syz.1.2365'. [ 566.136583][T14653] NCSI netlink: No device for ifindex 0 [ 566.164783][T14655] FAULT_INJECTION: forcing a failure. [ 566.164783][T14655] name failslab, interval 1, probability 0, space 0, times 0 [ 566.170080][T14655] CPU: 0 UID: 0 PID: 14655 Comm: syz.3.2366 Not tainted 6.15.0-rc7-syzkaller-00152-gd0c22de9995b #0 PREEMPT(full) [ 566.170105][T14655] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 566.170116][T14655] Call Trace: [ 566.170122][T14655] [ 566.170129][T14655] dump_stack_lvl+0x16c/0x1f0 [ 566.170159][T14655] should_fail_ex+0x512/0x640 [ 566.170184][T14655] ? kmem_cache_alloc_node_noprof+0x5e/0x3b0 [ 566.170208][T14655] should_failslab+0xc2/0x120 [ 566.170231][T14655] kmem_cache_alloc_node_noprof+0x71/0x3b0 [ 566.170252][T14655] ? __alloc_skb+0x2b2/0x380 [ 566.170277][T14655] __alloc_skb+0x2b2/0x380 [ 566.170297][T14655] ? __pfx___alloc_skb+0x10/0x10 [ 566.170318][T14655] ? genl_rcv_msg+0x4bb/0x800 [ 566.170352][T14655] netlink_ack+0x15d/0xb80 [ 566.170376][T14655] ? __lock_acquire+0xaa4/0x1ba0 [ 566.170405][T14655] netlink_rcv_skb+0x347/0x440 [ 566.170427][T14655] ? __pfx_genl_rcv_msg+0x10/0x10 [ 566.170454][T14655] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 566.170490][T14655] ? __pfx_down_read+0x10/0x10 [ 566.170509][T14655] ? netlink_deliver_tap+0x1ae/0xd30 [ 566.170535][T14655] genl_rcv+0x28/0x40 [ 566.170558][T14655] netlink_unicast+0x53a/0x7f0 [ 566.170585][T14655] ? __pfx_netlink_unicast+0x10/0x10 [ 566.170615][T14655] netlink_sendmsg+0x8d1/0xdd0 [ 566.170643][T14655] ? __pfx_netlink_sendmsg+0x10/0x10 [ 566.170669][T14655] ? __import_iovec+0x1c8/0x660 [ 566.170693][T14655] ____sys_sendmsg+0xa95/0xc70 [ 566.170719][T14655] ? gfs2_seek_hole+0xe0/0x270 [ 566.170744][T14655] ? __pfx_____sys_sendmsg+0x10/0x10 [ 566.170769][T14655] ? get_compat_msghdr+0x11a/0x170 [ 566.170802][T14655] ___sys_sendmsg+0x134/0x1d0 [ 566.170824][T14655] ? __pfx____sys_sendmsg+0x10/0x10 [ 566.170894][T14655] __sys_sendmsg+0x16d/0x220 [ 566.170919][T14655] ? __pfx___sys_sendmsg+0x10/0x10 [ 566.170950][T14655] ? rcu_is_watching+0x12/0xc0 [ 566.170970][T14655] ? rcu_is_watching+0x12/0xc0 [ 566.170991][T14655] __do_fast_syscall_32+0x73/0x120 [ 566.171019][T14655] do_fast_syscall_32+0x32/0x80 [ 566.171046][T14655] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 566.171071][T14655] RIP: 0023:0xf7f27579 [ 566.171086][T14655] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 566.171103][T14655] RSP: 002b:00000000f504655c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 566.171120][T14655] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000080000500 [ 566.171131][T14655] RDX: 0000000004008080 RSI: 0000000000000000 RDI: 0000000000000000 [ 566.171142][T14655] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 566.171152][T14655] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 566.171162][T14655] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 566.171186][T14655] [ 566.493787][T14664] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2369'. [ 566.558071][T14666] FAULT_INJECTION: forcing a failure. [ 566.558071][T14666] name failslab, interval 1, probability 0, space 0, times 0 [ 566.562400][T14666] CPU: 0 UID: 0 PID: 14666 Comm: syz.3.2370 Not tainted 6.15.0-rc7-syzkaller-00152-gd0c22de9995b #0 PREEMPT(full) [ 566.562416][T14666] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 566.562423][T14666] Call Trace: [ 566.562427][T14666] [ 566.562432][T14666] dump_stack_lvl+0x16c/0x1f0 [ 566.562451][T14666] should_fail_ex+0x512/0x640 [ 566.562467][T14666] ? __kmalloc_noprof+0xbf/0x510 [ 566.562481][T14666] ? constrain_params_by_rules+0x175/0xca0 [ 566.562497][T14666] should_failslab+0xc2/0x120 [ 566.562511][T14666] __kmalloc_noprof+0xd2/0x510 [ 566.562522][T14666] ? unwind_get_return_address+0x59/0xa0 [ 566.562535][T14666] ? arch_stack_walk+0xa6/0x100 [ 566.562550][T14666] constrain_params_by_rules+0x175/0xca0 [ 566.562580][T14666] ? stack_trace_save+0x8e/0xc0 [ 566.562594][T14666] ? stack_depot_save_flags+0x28/0xa50 [ 566.562611][T14666] ? __pfx_constrain_params_by_rules+0x10/0x10 [ 566.562630][T14666] ? __kasan_kmalloc+0xaa/0xb0 [ 566.562641][T14666] ? snd_pcm_oss_change_params_locked+0x6f4/0x3a30 [ 566.562657][T14666] ? snd_pcm_oss_make_ready_locked+0xb7/0x130 [ 566.562687][T14666] ? snd_pcm_oss_read+0x39b/0x760 [ 566.562701][T14666] ? snd_interval_refine+0x2fa/0x580 [ 566.562716][T14666] snd_pcm_hw_refine+0x7de/0xad0 [ 566.562734][T14666] ? __pfx_snd_pcm_hw_refine+0x10/0x10 [ 566.562758][T14666] ? snd_interval_refine+0x2fa/0x580 [ 566.562772][T14666] snd_pcm_oss_change_params_locked+0x208e/0x3a30 [ 566.562796][T14666] ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10 [ 566.562820][T14666] ? get_pid_task+0xfc/0x250 [ 566.562837][T14666] snd_pcm_oss_make_ready_locked+0xb7/0x130 [ 566.562855][T14666] snd_pcm_oss_read+0x39b/0x760 [ 566.562865][T14666] ? security_file_permission+0x71/0x210 [ 566.562881][T14666] ? __pfx_snd_pcm_oss_read+0x10/0x10 [ 566.562892][T14666] vfs_read+0x1de/0xc70 [ 566.562907][T14666] ? __pfx_vfs_read+0x10/0x10 [ 566.562916][T14666] ? find_held_lock+0x2b/0x80 [ 566.562927][T14666] ? __fget_files+0x204/0x3c0 [ 566.562939][T14666] ? __fget_files+0x20e/0x3c0 [ 566.562952][T14666] ksys_read+0x12a/0x240 [ 566.562962][T14666] ? __pfx_ksys_read+0x10/0x10 [ 566.562973][T14666] ? rcu_is_watching+0x12/0xc0 [ 566.562987][T14666] __do_fast_syscall_32+0x73/0x120 [ 566.563004][T14666] do_fast_syscall_32+0x32/0x80 [ 566.563020][T14666] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 566.563033][T14666] RIP: 0023:0xf7f27579 [ 566.563042][T14666] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 566.563052][T14666] RSP: 002b:00000000f504655c EFLAGS: 00000296 ORIG_RAX: 0000000000000003 [ 566.563063][T14666] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000300 [ 566.563069][T14666] RDX: 000000000000004f RSI: 0000000000000000 RDI: 0000000000000000 [ 566.563075][T14666] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 566.563081][T14666] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 566.563087][T14666] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 566.563100][T14666] [ 566.758259][T14675] input: syz0 as /devices/virtual/input/input12 [ 567.815392][T14689] input: syz0 as /devices/virtual/input/input13 [ 567.862218][ T8129] Bluetooth: hci0: command 0x041b tx timeout [ 568.106867][T14697] FAULT_INJECTION: forcing a failure. [ 568.106867][T14697] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 568.110899][T14697] CPU: 0 UID: 0 PID: 14697 Comm: syz.2.2380 Not tainted 6.15.0-rc7-syzkaller-00152-gd0c22de9995b #0 PREEMPT(full) [ 568.110934][T14697] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 568.110942][T14697] Call Trace: [ 568.110947][T14697] [ 568.110951][T14697] dump_stack_lvl+0x16c/0x1f0 [ 568.110970][T14697] should_fail_ex+0x512/0x640 [ 568.110989][T14697] _copy_to_user+0x32/0xd0 [ 568.111001][T14697] generic_map_lookup_batch+0x61e/0xb40 [ 568.111022][T14697] ? __pfx_generic_map_lookup_batch+0x10/0x10 [ 568.111041][T14697] ? __pfx_generic_map_lookup_batch+0x10/0x10 [ 568.111055][T14697] bpf_map_do_batch+0x267/0x670 [ 568.111069][T14697] __sys_bpf+0x4afc/0x4d80 [ 568.111086][T14697] ? __pfx___sys_bpf+0x10/0x10 [ 568.111107][T14697] ? ksys_write+0x190/0x240 [ 568.111120][T14697] ? __mutex_unlock_slowpath+0x161/0x6a0 [ 568.111144][T14697] ? fput+0x70/0xf0 [ 568.111157][T14697] ? ksys_write+0x1b9/0x240 [ 568.111166][T14697] ? __pfx_ksys_write+0x10/0x10 [ 568.111180][T14697] __ia32_sys_bpf+0x76/0xe0 [ 568.111196][T14697] __do_fast_syscall_32+0x73/0x120 [ 568.111214][T14697] do_fast_syscall_32+0x32/0x80 [ 568.111230][T14697] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 568.111244][T14697] RIP: 0023:0xf711e579 [ 568.111252][T14697] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 568.111263][T14697] RSP: 002b:00000000f50ed55c EFLAGS: 00000296 ORIG_RAX: 0000000000000165 [ 568.111273][T14697] RAX: ffffffffffffffda RBX: 0000000000000018 RCX: 00000000800003c0 [ 568.111280][T14697] RDX: 0000000000000038 RSI: 0000000000000000 RDI: 0000000000000000 [ 568.111286][T14697] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 568.111292][T14697] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 568.111298][T14697] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 568.111311][T14697] [ 568.375203][ C2] cm109 5-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 568.376490][ C2] cm109 5-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 568.376759][ C2] cm109 5-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 568.376818][ T1324] usb 5-1: USB disconnect, device number 75 [ 568.376937][ C2] cm109 5-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 568.376947][ C2] cm109 5-1:0.8: cm109_submit_buzz_toggle: usb_submit_urb (urb_ctl) failed -19 [ 568.377480][ T1324] cm109 5-1:0.8: cm109_toggle_buzzer_sync: usb_control_msg() failed -19 [ 569.033400][T14709] IPVS: set_ctl: invalid protocol: 137 224.0.0.2:20000 [ 569.184768][T14715] netlink: 32 bytes leftover after parsing attributes in process `syz.3.2386'. [ 569.764674][T14735] FAULT_INJECTION: forcing a failure. [ 569.764674][T14735] name failslab, interval 1, probability 0, space 0, times 0 [ 569.769429][T14735] CPU: 2 UID: 0 PID: 14735 Comm: syz.0.2390 Not tainted 6.15.0-rc7-syzkaller-00152-gd0c22de9995b #0 PREEMPT(full) [ 569.769454][T14735] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 569.769465][T14735] Call Trace: [ 569.769473][T14735] [ 569.769481][T14735] dump_stack_lvl+0x16c/0x1f0 [ 569.769511][T14735] should_fail_ex+0x512/0x640 [ 569.769541][T14735] should_failslab+0xc2/0x120 [ 569.769562][T14735] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 569.769583][T14735] ? skb_clone+0x190/0x3f0 [ 569.769632][T14735] skb_clone+0x190/0x3f0 [ 569.769647][T14735] netlink_deliver_tap+0xabd/0xd30 [ 569.769664][T14735] netlink_unicast+0x5df/0x7f0 [ 569.769680][T14735] ? __pfx_netlink_unicast+0x10/0x10 [ 569.769698][T14735] netlink_sendmsg+0x8d1/0xdd0 [ 569.769714][T14735] ? __pfx_netlink_sendmsg+0x10/0x10 [ 569.769729][T14735] ? __import_iovec+0x1c8/0x660 [ 569.769743][T14735] ____sys_sendmsg+0xa95/0xc70 [ 569.769758][T14735] ? gfs2_create_inode+0x30f0/0x32c0 [ 569.769772][T14735] ? __pfx_____sys_sendmsg+0x10/0x10 [ 569.769788][T14735] ? get_compat_msghdr+0x11a/0x170 [ 569.769811][T14735] ___sys_sendmsg+0x134/0x1d0 [ 569.769825][T14735] ? __pfx____sys_sendmsg+0x10/0x10 [ 569.769855][T14735] __sys_sendmsg+0x16d/0x220 [ 569.769870][T14735] ? __pfx___sys_sendmsg+0x10/0x10 [ 569.769900][T14735] ? rcu_is_watching+0x12/0xc0 [ 569.769921][T14735] __do_fast_syscall_32+0x73/0x120 [ 569.769950][T14735] do_fast_syscall_32+0x32/0x80 [ 569.769976][T14735] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 569.769998][T14735] RIP: 0023:0xf707e579 [ 569.770012][T14735] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 569.770024][T14735] RSP: 002b:00000000f506e55c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 569.770035][T14735] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000800005c0 [ 569.770041][T14735] RDX: 0000000004004000 RSI: 0000000000000000 RDI: 0000000000000000 [ 569.770048][T14735] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 569.770055][T14735] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 569.770061][T14735] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 569.770075][T14735] [ 569.844876][ C2] hpet: Lost 4 RTC interrupts [ 569.942138][ T8129] Bluetooth: hci0: command 0x041b tx timeout [ 571.081739][T14761] FAULT_INJECTION: forcing a failure. [ 571.081739][T14761] name failslab, interval 1, probability 0, space 0, times 0 [ 571.087113][T14761] CPU: 0 UID: 0 PID: 14761 Comm: syz.2.2399 Not tainted 6.15.0-rc7-syzkaller-00152-gd0c22de9995b #0 PREEMPT(full) [ 571.087136][T14761] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 571.087145][T14761] Call Trace: [ 571.087152][T14761] [ 571.087160][T14761] dump_stack_lvl+0x16c/0x1f0 [ 571.087189][T14761] should_fail_ex+0x512/0x640 [ 571.087217][T14761] should_failslab+0xc2/0x120 [ 571.087238][T14761] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 571.087259][T14761] ? skb_clone+0x190/0x3f0 [ 571.087283][T14761] skb_clone+0x190/0x3f0 [ 571.087305][T14761] netlink_deliver_tap+0xabd/0xd30 [ 571.087332][T14761] netlink_unicast+0x5df/0x7f0 [ 571.087357][T14761] ? __pfx_netlink_unicast+0x10/0x10 [ 571.087399][T14761] netlink_sendmsg+0x8d1/0xdd0 [ 571.087426][T14761] ? __pfx_netlink_sendmsg+0x10/0x10 [ 571.087450][T14761] ? __import_iovec+0x1c8/0x660 [ 571.087472][T14761] ____sys_sendmsg+0xa95/0xc70 [ 571.087499][T14761] ? __pfx_____sys_sendmsg+0x10/0x10 [ 571.087522][T14761] ? get_compat_msghdr+0x11a/0x170 [ 571.087553][T14761] ___sys_sendmsg+0x134/0x1d0 [ 571.087575][T14761] ? __pfx____sys_sendmsg+0x10/0x10 [ 571.087625][T14761] __sys_sendmsg+0x16d/0x220 [ 571.087645][T14761] ? __pfx___sys_sendmsg+0x10/0x10 [ 571.087676][T14761] ? rcu_is_watching+0x12/0xc0 [ 571.087696][T14761] __do_fast_syscall_32+0x73/0x120 [ 571.087722][T14761] do_fast_syscall_32+0x32/0x80 [ 571.087746][T14761] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 571.087766][T14761] RIP: 0023:0xf711e579 [ 571.087780][T14761] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 571.087796][T14761] RSP: 002b:00000000f510e55c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 571.087812][T14761] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000080 [ 571.087823][T14761] RDX: 0000000020000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 571.087833][T14761] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 571.087842][T14761] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 571.087852][T14761] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 571.087874][T14761] [ 571.183429][ C0] vkms_vblank_simulate: vblank timer overrun [ 571.257279][T14766] FAULT_INJECTION: forcing a failure. [ 571.257279][T14766] name failslab, interval 1, probability 0, space 0, times 0 [ 571.262311][T14766] CPU: 3 UID: 0 PID: 14766 Comm: syz.1.2401 Not tainted 6.15.0-rc7-syzkaller-00152-gd0c22de9995b #0 PREEMPT(full) [ 571.262335][T14766] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 571.262346][T14766] Call Trace: [ 571.262352][T14766] [ 571.262359][T14766] dump_stack_lvl+0x16c/0x1f0 [ 571.262386][T14766] should_fail_ex+0x512/0x640 [ 571.262411][T14766] ? __kmalloc_noprof+0xbf/0x510 [ 571.262432][T14766] ? netlbl_mgmt_add_common+0x17e/0x18a0 [ 571.262453][T14766] should_failslab+0xc2/0x120 [ 571.262473][T14766] __kmalloc_noprof+0xd2/0x510 [ 571.262493][T14766] ? kasan_save_track+0x14/0x30 [ 571.262513][T14766] netlbl_mgmt_add_common+0x17e/0x18a0 [ 571.262540][T14766] netlbl_mgmt_add+0x269/0x3e0 [ 571.262560][T14766] ? __pfx_netlbl_mgmt_add+0x10/0x10 [ 571.262580][T14766] ? __nla_parse+0x40/0x60 [ 571.262601][T14766] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290 [ 571.262625][T14766] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290 [ 571.262670][T14766] genl_family_rcv_msg_doit+0x206/0x2f0 [ 571.262697][T14766] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 571.262719][T14766] ? rcu_is_watching+0x12/0xc0 [ 571.262743][T14766] ? bpf_lsm_capable+0x9/0x10 [ 571.262761][T14766] ? security_capable+0x7e/0x260 [ 571.262785][T14766] genl_rcv_msg+0x55c/0x800 [ 571.262810][T14766] ? __pfx_genl_rcv_msg+0x10/0x10 [ 571.262834][T14766] ? __pfx_netlbl_mgmt_add+0x10/0x10 [ 571.262863][T14766] ? __lock_acquire+0xaa4/0x1ba0 [ 571.262888][T14766] netlink_rcv_skb+0x16d/0x440 [ 571.262910][T14766] ? __pfx_genl_rcv_msg+0x10/0x10 [ 571.262935][T14766] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 571.262966][T14766] ? __pfx_down_read+0x10/0x10 [ 571.262983][T14766] ? netlink_deliver_tap+0x1ae/0xd30 [ 571.263007][T14766] genl_rcv+0x28/0x40 [ 571.263029][T14766] netlink_unicast+0x53a/0x7f0 [ 571.263053][T14766] ? __pfx_netlink_unicast+0x10/0x10 [ 571.263080][T14766] netlink_sendmsg+0x8d1/0xdd0 [ 571.263106][T14766] ? __pfx_netlink_sendmsg+0x10/0x10 [ 571.263129][T14766] ? __import_iovec+0x1c8/0x660 [ 571.263150][T14766] ____sys_sendmsg+0xa95/0xc70 [ 571.263176][T14766] ? __pfx_____sys_sendmsg+0x10/0x10 [ 571.263199][T14766] ? get_compat_msghdr+0x11a/0x170 [ 571.263229][T14766] ___sys_sendmsg+0x134/0x1d0 [ 571.263250][T14766] ? __pfx____sys_sendmsg+0x10/0x10 [ 571.263297][T14766] __sys_sendmsg+0x16d/0x220 [ 571.263316][T14766] ? __pfx___sys_sendmsg+0x10/0x10 [ 571.263346][T14766] ? rcu_is_watching+0x12/0xc0 [ 571.263364][T14766] __do_fast_syscall_32+0x73/0x120 [ 571.263391][T14766] do_fast_syscall_32+0x32/0x80 [ 571.263413][T14766] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 571.263433][T14766] RIP: 0023:0xf7f01579 [ 571.263446][T14766] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 571.263463][T14766] RSP: 002b:00000000f502655c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 571.263479][T14766] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000080000d80 [ 571.263490][T14766] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 571.263499][T14766] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 571.263508][T14766] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 571.263517][T14766] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 571.263540][T14766] [ 571.946555][T14771] bpf: Bad value for 'uid' [ 571.991992][T14773] autofs: Bad value for 'fd' [ 571.996244][T14773] Bluetooth: MGMT ver 1.23 [ 572.044668][T14775] FAULT_INJECTION: forcing a failure. [ 572.044668][T14775] name failslab, interval 1, probability 0, space 0, times 0 [ 572.048688][T14775] CPU: 3 UID: 0 PID: 14775 Comm: syz.0.2404 Not tainted 6.15.0-rc7-syzkaller-00152-gd0c22de9995b #0 PREEMPT(full) [ 572.048703][T14775] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 572.048710][T14775] Call Trace: [ 572.048715][T14775] [ 572.048719][T14775] dump_stack_lvl+0x16c/0x1f0 [ 572.048739][T14775] should_fail_ex+0x512/0x640 [ 572.048758][T14775] should_failslab+0xc2/0x120 [ 572.048776][T14775] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 572.048789][T14775] ? skb_clone+0x190/0x3f0 [ 572.048805][T14775] skb_clone+0x190/0x3f0 [ 572.048819][T14775] netlink_deliver_tap+0xabd/0xd30 [ 572.048836][T14775] netlink_unicast+0x5df/0x7f0 [ 572.048852][T14775] ? __pfx_netlink_unicast+0x10/0x10 [ 572.048870][T14775] netlink_sendmsg+0x8d1/0xdd0 [ 572.048886][T14775] ? __pfx_netlink_sendmsg+0x10/0x10 [ 572.048901][T14775] ? __import_iovec+0x1c8/0x660 [ 572.048915][T14775] ____sys_sendmsg+0xa95/0xc70 [ 572.048933][T14775] ? __pfx_____sys_sendmsg+0x10/0x10 [ 572.048949][T14775] ? get_compat_msghdr+0x11a/0x170 [ 572.048968][T14775] ___sys_sendmsg+0x134/0x1d0 [ 572.048981][T14775] ? __pfx____sys_sendmsg+0x10/0x10 [ 572.049011][T14775] __sys_sendmsg+0x16d/0x220 [ 572.049024][T14775] ? __pfx___sys_sendmsg+0x10/0x10 [ 572.049043][T14775] ? rcu_is_watching+0x12/0xc0 [ 572.049056][T14775] __do_fast_syscall_32+0x73/0x120 [ 572.049074][T14775] do_fast_syscall_32+0x32/0x80 [ 572.049090][T14775] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 572.049103][T14775] RIP: 0023:0xf707e579 [ 572.049112][T14775] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 572.049122][T14775] RSP: 002b:00000000f506e55c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 572.049132][T14775] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000080000040 [ 572.049139][T14775] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 572.049144][T14775] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 572.049150][T14775] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 572.049156][T14775] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 572.049169][T14775] [ 572.411078][T14793] overlay: Unknown parameter 'smackfsdef' [ 573.261461][T14813] input: syz0 as /devices/virtual/input/input15 [ 573.382769][T14803] xfrm0: mtu less than device minimum [ 573.529276][T14821] syzkaller0: entered promiscuous mode [ 573.531663][T14821] syzkaller0: entered allmulticast mode [ 574.043499][T14824] netlink: 'syz.3.2419': attribute type 23 has an invalid length. [ 574.216876][T14827] netfs: Couldn't get user pages (rc=-14) [ 574.991498][T14826] lo speed is unknown, defaulting to 1000 [ 575.044345][T14830] lo speed is unknown, defaulting to 1000 [ 575.107107][T14838] netlink: 32 bytes leftover after parsing attributes in process `syz.2.2423'. [ 575.112624][T14834] 9pnet_virtio: no channels available for device syz [ 575.195957][T14843] netlink: 32 bytes leftover after parsing attributes in process `syz.2.2425'. [ 575.201507][T14843] FAULT_INJECTION: forcing a failure. [ 575.201507][T14843] name failslab, interval 1, probability 0, space 0, times 0 [ 575.207588][T14843] CPU: 3 UID: 0 PID: 14843 Comm: syz.2.2425 Not tainted 6.15.0-rc7-syzkaller-00152-gd0c22de9995b #0 PREEMPT(full) [ 575.207612][T14843] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 575.207622][T14843] Call Trace: [ 575.207630][T14843] [ 575.207637][T14843] dump_stack_lvl+0x16c/0x1f0 [ 575.207666][T14843] should_fail_ex+0x512/0x640 [ 575.207696][T14843] should_failslab+0xc2/0x120 [ 575.207719][T14843] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 575.207739][T14843] ? skb_clone+0x190/0x3f0 [ 575.207763][T14843] skb_clone+0x190/0x3f0 [ 575.207783][T14843] netlink_deliver_tap+0xabd/0xd30 [ 575.207811][T14843] netlink_unicast+0x5df/0x7f0 [ 575.207837][T14843] ? __pfx_netlink_unicast+0x10/0x10 [ 575.207867][T14843] netlink_sendmsg+0x8d1/0xdd0 [ 575.207895][T14843] ? __pfx_netlink_sendmsg+0x10/0x10 [ 575.207919][T14843] ? __import_iovec+0x1c8/0x660 [ 575.207942][T14843] ____sys_sendmsg+0xa95/0xc70 [ 575.207971][T14843] ? __pfx_____sys_sendmsg+0x10/0x10 [ 575.207995][T14843] ? get_compat_msghdr+0x11a/0x170 [ 575.208034][T14843] ___sys_sendmsg+0x134/0x1d0 [ 575.208058][T14843] ? __pfx____sys_sendmsg+0x10/0x10 [ 575.208118][T14843] __sys_sendmsg+0x16d/0x220 [ 575.208140][T14843] ? __pfx___sys_sendmsg+0x10/0x10 [ 575.208176][T14843] ? rcu_is_watching+0x12/0xc0 [ 575.208198][T14843] __do_fast_syscall_32+0x73/0x120 [ 575.208226][T14843] do_fast_syscall_32+0x32/0x80 [ 575.208251][T14843] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 575.208273][T14843] RIP: 0023:0xf711e579 [ 575.208287][T14843] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 575.208304][T14843] RSP: 002b:00000000f510e55c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 575.208320][T14843] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000080005840 [ 575.208331][T14843] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 575.208342][T14843] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 575.208351][T14843] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 575.208362][T14843] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 575.208385][T14843] [ 575.240953][T14847] deleting an unspecified loop device is not supported. [ 575.513514][T14863] bridge_slave_0: left allmulticast mode [ 575.515265][T14863] bridge_slave_0: left promiscuous mode [ 575.517117][T14863] bridge0: port 1(bridge_slave_0) entered disabled state [ 575.533416][T14863] bridge_slave_1: left allmulticast mode [ 575.535181][T14863] bridge_slave_1: left promiscuous mode [ 575.537254][T14863] bridge0: port 2(bridge_slave_1) entered disabled state [ 575.559090][T14863] bond0: (slave bond_slave_0): Releasing backup interface [ 575.572588][T14863] bond0: (slave bond_slave_1): Releasing backup interface [ 575.583290][T14867] netlink: 'syz.1.2431': attribute type 23 has an invalid length. [ 575.593773][T14863] team0: Port device team_slave_0 removed [ 575.607355][T14863] team0: Port device team_slave_1 removed [ 575.610458][T14863] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 575.615374][T14863] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 575.621283][T14863] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 575.624743][T14863] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 575.720948][T14871] FAULT_INJECTION: forcing a failure. [ 575.720948][T14871] name failslab, interval 1, probability 0, space 0, times 0 [ 575.724624][T14869] IPVS: set_ctl: invalid protocol: 137 224.0.0.2:20000 [ 575.727022][T14871] CPU: 3 UID: 0 PID: 14871 Comm: syz.1.2433 Not tainted 6.15.0-rc7-syzkaller-00152-gd0c22de9995b #0 PREEMPT(full) [ 575.727051][T14871] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 575.727062][T14871] Call Trace: [ 575.727069][T14871] [ 575.727075][T14871] dump_stack_lvl+0x16c/0x1f0 [ 575.727103][T14871] should_fail_ex+0x512/0x640 [ 575.727130][T14871] should_failslab+0xc2/0x120 [ 575.727151][T14871] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 575.727172][T14871] ? skb_clone+0x190/0x3f0 [ 575.727198][T14871] skb_clone+0x190/0x3f0 [ 575.727220][T14871] netlink_deliver_tap+0xabd/0xd30 [ 575.727246][T14871] netlink_unicast+0x5df/0x7f0 [ 575.727271][T14871] ? __pfx_netlink_unicast+0x10/0x10 [ 575.727300][T14871] netlink_sendmsg+0x8d1/0xdd0 [ 575.727327][T14871] ? __pfx_netlink_sendmsg+0x10/0x10 [ 575.727350][T14871] ? __import_iovec+0x1c8/0x660 [ 575.727372][T14871] ____sys_sendmsg+0xa95/0xc70 [ 575.727399][T14871] ? __pfx_____sys_sendmsg+0x10/0x10 [ 575.727420][T14871] ? get_compat_msghdr+0x11a/0x170 [ 575.727451][T14871] ___sys_sendmsg+0x134/0x1d0 [ 575.727473][T14871] ? __pfx____sys_sendmsg+0x10/0x10 [ 575.727525][T14871] __sys_sendmsg+0x16d/0x220 [ 575.727545][T14871] ? __pfx___sys_sendmsg+0x10/0x10 [ 575.727578][T14871] ? rcu_is_watching+0x12/0xc0 [ 575.727600][T14871] __do_fast_syscall_32+0x73/0x120 [ 575.727627][T14871] do_fast_syscall_32+0x32/0x80 [ 575.727652][T14871] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 575.727672][T14871] RIP: 0023:0xf7f01579 [ 575.727686][T14871] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 575.727703][T14871] RSP: 002b:00000000f502655c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 575.727720][T14871] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000280 [ 575.727730][T14871] RDX: 0000000000004000 RSI: 0000000000000000 RDI: 0000000000000000 [ 575.727740][T14871] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 575.727749][T14871] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 575.727759][T14871] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 575.727781][T14871] [ 575.818826][T14880] ubi: mtd0 is already attached to ubi31 [ 575.870761][T14883] netlink: 2048 bytes leftover after parsing attributes in process `syz.1.2437'. [ 575.875086][T14883] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2437'. [ 575.903163][T14886] FAULT_INJECTION: forcing a failure. [ 575.903163][T14886] name failslab, interval 1, probability 0, space 0, times 0 [ 575.907454][T14886] CPU: 0 UID: 0 PID: 14886 Comm: syz.3.2439 Not tainted 6.15.0-rc7-syzkaller-00152-gd0c22de9995b #0 PREEMPT(full) [ 575.907470][T14886] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 575.907476][T14886] Call Trace: [ 575.907480][T14886] [ 575.907485][T14886] dump_stack_lvl+0x16c/0x1f0 [ 575.907505][T14886] should_fail_ex+0x512/0x640 [ 575.907521][T14886] ? __kmalloc_noprof+0xbf/0x510 [ 575.907534][T14886] ? lsm_blob_alloc+0x68/0x90 [ 575.907544][T14886] should_failslab+0xc2/0x120 [ 575.907557][T14886] __kmalloc_noprof+0xd2/0x510 [ 575.907572][T14886] lsm_blob_alloc+0x68/0x90 [ 575.907582][T14886] security_sk_alloc+0x30/0x270 [ 575.907595][T14886] sk_prot_alloc+0x1c7/0x2a0 [ 575.907613][T14886] sk_alloc+0x36/0xc20 [ 575.907626][T14886] bpf_prog_test_run_skb+0x330/0x2280 [ 575.907641][T14886] ? __fget_files+0x204/0x3c0 [ 575.907653][T14886] ? __fget_files+0x20e/0x3c0 [ 575.907663][T14886] ? __pfx_bpf_prog_test_run_skb+0x10/0x10 [ 575.907678][T14886] ? fput+0x70/0xf0 [ 575.907692][T14886] ? __pfx_bpf_prog_test_run_skb+0x10/0x10 [ 575.907706][T14886] __sys_bpf+0x1485/0x4d80 [ 575.907723][T14886] ? __pfx___sys_bpf+0x10/0x10 [ 575.907739][T14886] ? ksys_write+0x190/0x240 [ 575.907751][T14886] ? __mutex_unlock_slowpath+0x161/0x6a0 [ 575.907775][T14886] ? fput+0x70/0xf0 [ 575.907787][T14886] ? ksys_write+0x1b9/0x240 [ 575.907797][T14886] ? __pfx_ksys_write+0x10/0x10 [ 575.907810][T14886] __ia32_sys_bpf+0x76/0xe0 [ 575.907832][T14886] __do_fast_syscall_32+0x73/0x120 [ 575.907849][T14886] do_fast_syscall_32+0x32/0x80 [ 575.907865][T14886] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 575.907879][T14886] RIP: 0023:0xf7f27579 [ 575.907887][T14886] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 575.907898][T14886] RSP: 002b:00000000f504655c EFLAGS: 00000296 ORIG_RAX: 0000000000000165 [ 575.907908][T14886] RAX: ffffffffffffffda RBX: 000000000000000a RCX: 0000000080000000 [ 575.907915][T14886] RDX: 000000000000004c RSI: 0000000000000000 RDI: 0000000000000000 [ 575.907921][T14886] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 575.907927][T14886] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 575.907933][T14886] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 575.907946][T14886] [ 576.155935][T14896] netlink: 'syz.3.2441': attribute type 23 has an invalid length. [ 576.524147][T14905] netlink: 64 bytes leftover after parsing attributes in process `syz.2.2444'. [ 576.844981][T14912] IPVS: set_ctl: invalid protocol: 137 224.0.0.2:20000 [ 577.939100][T14961] IPVS: set_ctl: invalid protocol: 137 224.0.0.2:20000 [ 578.021901][ T5351] buffer_io_error: 14 callbacks suppressed [ 578.021912][ T5351] Buffer I/O error on dev loop6, logical block 0, async page read [ 578.028485][ T5351] Buffer I/O error on dev loop6, logical block 0, async page read [ 578.031296][ T5351] Buffer I/O error on dev loop6, logical block 0, async page read [ 578.034696][ T5351] Buffer I/O error on dev loop6, logical block 0, async page read [ 578.037307][ T5351] Buffer I/O error on dev loop6, logical block 0, async page read [ 578.039775][ T5351] Buffer I/O error on dev loop6, logical block 0, async page read [ 578.044022][ T5351] Buffer I/O error on dev loop6, logical block 0, async page read [ 578.046597][ T5351] ldm_validate_partition_table(): Disk read failed. [ 578.048749][ T5351] Buffer I/O error on dev loop6, logical block 0, async page read [ 578.051370][ T5351] Buffer I/O error on dev loop6, logical block 0, async page read [ 578.054551][ T5351] Buffer I/O error on dev loop6, logical block 0, async page read [ 578.057057][ T5351] Dev loop6: unable to read RDB block 0 [ 578.058974][ T5351] loop6: unable to read partition table [ 578.064562][ T5351] loop6: partition table beyond EOD, truncated [ 578.120615][T14969] netlink: 4768 bytes leftover after parsing attributes in process `syz.1.2453'. [ 578.336064][T14972] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2459'. [ 579.216439][T14986] FAULT_INJECTION: forcing a failure. [ 579.216439][T14986] name failslab, interval 1, probability 0, space 0, times 0 [ 579.220405][T14986] CPU: 0 UID: 0 PID: 14986 Comm: syz.3.2463 Not tainted 6.15.0-rc7-syzkaller-00152-gd0c22de9995b #0 PREEMPT(full) [ 579.220420][T14986] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 579.220426][T14986] Call Trace: [ 579.220430][T14986] [ 579.220435][T14986] dump_stack_lvl+0x16c/0x1f0 [ 579.220454][T14986] should_fail_ex+0x512/0x640 [ 579.220472][T14986] should_failslab+0xc2/0x120 [ 579.220487][T14986] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 579.220500][T14986] ? skb_clone+0x190/0x3f0 [ 579.220515][T14986] skb_clone+0x190/0x3f0 [ 579.220529][T14986] netlink_deliver_tap+0xabd/0xd30 [ 579.220546][T14986] netlink_unicast+0x5df/0x7f0 [ 579.220562][T14986] ? __pfx_netlink_unicast+0x10/0x10 [ 579.220580][T14986] netlink_sendmsg+0x8d1/0xdd0 [ 579.220596][T14986] ? __pfx_netlink_sendmsg+0x10/0x10 [ 579.220611][T14986] ? __import_iovec+0x1c8/0x660 [ 579.220624][T14986] ____sys_sendmsg+0xa95/0xc70 [ 579.220642][T14986] ? __pfx_____sys_sendmsg+0x10/0x10 [ 579.220657][T14986] ? get_compat_msghdr+0x11a/0x170 [ 579.220675][T14986] ___sys_sendmsg+0x134/0x1d0 [ 579.220690][T14986] ? __pfx____sys_sendmsg+0x10/0x10 [ 579.220719][T14986] __sys_sendmsg+0x16d/0x220 [ 579.220732][T14986] ? __pfx___sys_sendmsg+0x10/0x10 [ 579.220751][T14986] ? rcu_is_watching+0x12/0xc0 [ 579.220764][T14986] __do_fast_syscall_32+0x73/0x120 [ 579.220781][T14986] do_fast_syscall_32+0x32/0x80 [ 579.220797][T14986] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 579.220810][T14986] RIP: 0023:0xf7f27579 [ 579.220819][T14986] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 579.220829][T14986] RSP: 002b:00000000f504655c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 579.220839][T14986] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080001080 [ 579.220846][T14986] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 579.220852][T14986] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 579.220858][T14986] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 579.220864][T14986] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 579.220877][T14986] [ 579.249698][ T5938] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 579.298418][ T5938] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 579.304884][ T5938] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 579.307614][ T5938] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 579.310137][ T5938] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 579.333251][T14991] IPVS: set_ctl: invalid protocol: 137 224.0.0.2:20000 [ 579.384475][T14987] lo speed is unknown, defaulting to 1000 [ 579.489460][T14987] chnl_net:caif_netlink_parms(): no params data found [ 579.583807][T14987] bridge0: port 1(bridge_slave_0) entered blocking state [ 579.586311][T14987] bridge0: port 1(bridge_slave_0) entered disabled state [ 579.588827][T14987] bridge_slave_0: entered allmulticast mode [ 579.591693][T14987] bridge_slave_0: entered promiscuous mode [ 579.595391][T14987] bridge0: port 2(bridge_slave_1) entered blocking state [ 579.597672][T14987] bridge0: port 2(bridge_slave_1) entered disabled state [ 579.599860][T14987] bridge_slave_1: entered allmulticast mode [ 579.602501][T14987] bridge_slave_1: entered promiscuous mode [ 579.677278][T15008] input: syz0 as /devices/virtual/input/input18 [ 579.847073][T14987] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 579.852235][T14987] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 579.890398][T14987] team0: Port device team_slave_0 added [ 579.895141][T14987] team0: Port device team_slave_1 added [ 579.947011][T14987] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 579.949910][T14987] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 579.962650][T14987] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 579.968706][T14987] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 579.971616][T14987] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 579.980307][T14987] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 580.044823][T14987] hsr_slave_0: entered promiscuous mode [ 580.047221][T14987] hsr_slave_1: entered promiscuous mode [ 580.049616][T14987] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 580.055302][T14987] Cannot create hsr debugfs directory [ 580.195581][T14987] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 580.297673][T14987] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 580.391987][T14987] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 580.485091][T14987] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 581.371363][T15032] FAULT_INJECTION: forcing a failure. [ 581.371363][T15032] name failslab, interval 1, probability 0, space 0, times 0 [ 581.377528][T14987] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 581.379943][T15032] CPU: 2 UID: 0 PID: 15032 Comm: syz.0.2477 Not tainted 6.15.0-rc7-syzkaller-00152-gd0c22de9995b #0 PREEMPT(full) [ 581.379958][T15032] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 581.379965][T15032] Call Trace: [ 581.379969][T15032] [ 581.379974][T15032] dump_stack_lvl+0x16c/0x1f0 [ 581.380005][T15032] should_fail_ex+0x512/0x640 [ 581.380024][T15032] should_failslab+0xc2/0x120 [ 581.380038][T15032] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 581.380052][T15032] ? skb_clone+0x190/0x3f0 [ 581.380068][T15032] skb_clone+0x190/0x3f0 [ 581.380081][T15032] netlink_deliver_tap+0xabd/0xd30 [ 581.380099][T15032] netlink_unicast+0x5df/0x7f0 [ 581.380114][T15032] ? __pfx_netlink_unicast+0x10/0x10 [ 581.380133][T15032] netlink_sendmsg+0x8d1/0xdd0 [ 581.380149][T15032] ? __pfx_netlink_sendmsg+0x10/0x10 [ 581.380165][T15032] ? __import_iovec+0x1c8/0x660 [ 581.380178][T15032] ____sys_sendmsg+0xa95/0xc70 [ 581.380194][T15032] ? gfs2_link+0x9d0/0xbd0 [ 581.380207][T15032] ? __pfx_____sys_sendmsg+0x10/0x10 [ 581.380222][T15032] ? get_compat_msghdr+0x11a/0x170 [ 581.380241][T15032] ___sys_sendmsg+0x134/0x1d0 [ 581.380255][T15032] ? __pfx____sys_sendmsg+0x10/0x10 [ 581.380286][T15032] __sys_sendmsg+0x16d/0x220 [ 581.380299][T15032] ? __pfx___sys_sendmsg+0x10/0x10 [ 581.380316][T15032] ? rcu_is_watching+0x12/0xc0 [ 581.380328][T15032] ? rcu_is_watching+0x12/0xc0 [ 581.380340][T15032] __do_fast_syscall_32+0x73/0x120 [ 581.380357][T15032] do_fast_syscall_32+0x32/0x80 [ 581.380373][T15032] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 581.380386][T15032] RIP: 0023:0xf707e579 [ 581.380395][T15032] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 581.380406][T15032] RSP: 002b:00000000f506e55c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 581.380416][T15032] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000080 [ 581.380423][T15032] RDX: 0000000004000800 RSI: 0000000000000000 RDI: 0000000000000000 [ 581.380429][T15032] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 581.380435][T15032] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 581.380441][T15032] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 581.380455][T15032] [ 581.388488][T14987] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 581.415008][ T5938] Bluetooth: hci4: command tx timeout [ 581.474225][T14987] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 581.643822][T14987] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 581.928210][T15049] input: syz0 as /devices/virtual/input/input19 [ 582.185949][T13534] bond0 (unregistering): Released all slaves [ 582.264074][T13534] bond1 (unregistering): Released all slaves [ 582.289565][T14987] 8021q: adding VLAN 0 to HW filter on device bond0 [ 582.305156][T14987] 8021q: adding VLAN 0 to HW filter on device team0 [ 582.312672][ T1175] bridge0: port 1(bridge_slave_0) entered blocking state [ 582.315601][ T1175] bridge0: port 1(bridge_slave_0) entered forwarding state [ 582.323177][T14932] bridge0: port 2(bridge_slave_1) entered blocking state [ 582.325428][T14932] bridge0: port 2(bridge_slave_1) entered forwarding state [ 582.433391][T13534] IPVS: stopping backup sync thread 10315 ... [ 582.467386][T14987] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 582.491657][T14987] veth0_vlan: entered promiscuous mode [ 582.496829][T14987] veth1_vlan: entered promiscuous mode [ 582.545044][T14987] veth0_macvtap: entered promiscuous mode [ 582.548903][T14987] veth1_macvtap: entered promiscuous mode [ 582.558187][T14987] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 582.564635][T14987] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 582.572746][T14987] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 582.575387][T14987] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 582.579325][T14987] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 582.583093][T14987] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 582.634720][T13534] hsr_slave_0: left promiscuous mode [ 582.671356][T13534] veth1_macvtap: left promiscuous mode [ 582.675017][T13534] veth0_macvtap: left promiscuous mode [ 582.677339][T13534] veth1_vlan: left allmulticast mode [ 582.680344][T13534] veth1_vlan: left promiscuous mode [ 582.682634][T13534] veth0_vlan: left promiscuous mode [ 583.554871][ T5938] Bluetooth: hci4: command tx timeout [ 583.725744][T15079] FAULT_INJECTION: forcing a failure. [ 583.725744][T15079] name failslab, interval 1, probability 0, space 0, times 0 [ 583.730170][T15079] CPU: 2 UID: 0 PID: 15079 Comm: syz.3.2488 Not tainted 6.15.0-rc7-syzkaller-00152-gd0c22de9995b #0 PREEMPT(full) [ 583.730186][T15079] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 583.730193][T15079] Call Trace: [ 583.730197][T15079] [ 583.730201][T15079] dump_stack_lvl+0x16c/0x1f0 [ 583.730221][T15079] should_fail_ex+0x512/0x640 [ 583.730236][T15079] ? __kmalloc_noprof+0xbf/0x510 [ 583.730250][T15079] ? lsm_blob_alloc+0x68/0x90 [ 583.730259][T15079] should_failslab+0xc2/0x120 [ 583.730274][T15079] __kmalloc_noprof+0xd2/0x510 [ 583.730288][T15079] lsm_blob_alloc+0x68/0x90 [ 583.730298][T15079] security_sk_alloc+0x30/0x270 [ 583.730311][T15079] sk_prot_alloc+0x1c7/0x2a0 [ 583.730328][T15079] sk_alloc+0x36/0xc20 [ 583.730341][T15079] bpf_prog_test_run_skb+0x330/0x2280 [ 583.730356][T15079] ? __fget_files+0x204/0x3c0 [ 583.730368][T15079] ? __fget_files+0x20e/0x3c0 [ 583.730377][T15079] ? __pfx_bpf_prog_test_run_skb+0x10/0x10 [ 583.730392][T15079] ? fput+0x70/0xf0 [ 583.730406][T15079] ? __pfx_bpf_prog_test_run_skb+0x10/0x10 [ 583.730419][T15079] __sys_bpf+0x1485/0x4d80 [ 583.730437][T15079] ? __pfx___sys_bpf+0x10/0x10 [ 583.730452][T15079] ? ksys_write+0x190/0x240 [ 583.730464][T15079] ? __mutex_unlock_slowpath+0x161/0x6a0 [ 583.730489][T15079] ? fput+0x70/0xf0 [ 583.730501][T15079] ? ksys_write+0x1b9/0x240 [ 583.730511][T15079] ? __pfx_ksys_write+0x10/0x10 [ 583.730523][T15079] __ia32_sys_bpf+0x76/0xe0 [ 583.730539][T15079] __do_fast_syscall_32+0x73/0x120 [ 583.730557][T15079] do_fast_syscall_32+0x32/0x80 [ 583.730573][T15079] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 583.730586][T15079] RIP: 0023:0xf7f27579 [ 583.730595][T15079] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 583.730605][T15079] RSP: 002b:00000000f504655c EFLAGS: 00000296 ORIG_RAX: 0000000000000165 [ 583.730616][T15079] RAX: ffffffffffffffda RBX: 000000000000000a RCX: 00000000800002c0 [ 583.730623][T15079] RDX: 0000000000000050 RSI: 0000000000000000 RDI: 0000000000000000 [ 583.730629][T15079] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 583.730634][T15079] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 583.730641][T15079] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 583.730654][T15079] [ 583.743518][T15081] IPVS: set_ctl: invalid protocol: 137 224.0.0.2:20000 [ 583.916827][T15091] input: syz0 as /devices/virtual/input/input20 [ 583.969278][T15092] syz.3.2493: vmalloc error: size 8589938688, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 583.980026][T15092] CPU: 3 UID: 0 PID: 15092 Comm: syz.3.2493 Not tainted 6.15.0-rc7-syzkaller-00152-gd0c22de9995b #0 PREEMPT(full) [ 583.980054][T15092] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 583.980061][T15092] Call Trace: [ 583.980066][T15092] [ 583.980071][T15092] dump_stack_lvl+0x16c/0x1f0 [ 583.980090][T15092] warn_alloc+0x248/0x3a0 [ 583.980105][T15092] ? __pfx_warn_alloc+0x10/0x10 [ 583.980117][T15092] ? __pfx_stack_trace_save+0x10/0x10 [ 583.980129][T15092] ? stack_depot_save_flags+0x28/0xa50 [ 583.980150][T15092] ? kasan_save_stack+0x42/0x60 [ 583.980160][T15092] ? kasan_save_stack+0x33/0x60 [ 583.980170][T15092] ? kasan_save_track+0x14/0x30 [ 583.980180][T15092] ? __kasan_kmalloc+0xaa/0xb0 [ 583.980189][T15092] ? xskq_create+0x52/0x1d0 [ 583.980203][T15092] ? do_sock_setsockopt+0x224/0x470 [ 583.980217][T15092] ? __sys_setsockopt+0x120/0x1a0 [ 583.980228][T15092] ? __ia32_sys_setsockopt+0xbc/0x160 [ 583.980242][T15092] __vmalloc_node_range_noprof+0x10ea/0x1540 [ 583.980264][T15092] ? xskq_create+0xfb/0x1d0 [ 583.980280][T15092] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 583.980301][T15092] ? xskq_create+0xfb/0x1d0 [ 583.980314][T15092] vmalloc_user_noprof+0x6b/0x90 [ 583.980324][T15092] ? xskq_create+0xfb/0x1d0 [ 583.980337][T15092] xskq_create+0xfb/0x1d0 [ 583.980351][T15092] xsk_setsockopt+0x640/0x840 [ 583.980364][T15092] ? __pfx_xsk_setsockopt+0x10/0x10 [ 583.980376][T15092] ? __pfx_aa_sk_perm+0x10/0x10 [ 583.980390][T15092] ? percpu_counter_add_batch+0xb8/0x1f0 [ 583.980403][T15092] ? errseq_sample+0x53/0x70 [ 583.980416][T15092] ? __pfx_xsk_setsockopt+0x10/0x10 [ 583.980428][T15092] do_sock_setsockopt+0x224/0x470 [ 583.980443][T15092] ? __pfx_do_sock_setsockopt+0x10/0x10 [ 583.980466][T15092] __sys_setsockopt+0x120/0x1a0 [ 583.980481][T15092] __ia32_sys_setsockopt+0xbc/0x160 [ 583.980492][T15092] ? lockdep_hardirqs_on+0x7c/0x110 [ 583.980507][T15092] ? syscall_enter_from_user_mode_prepare+0x68/0xe0 [ 583.980522][T15092] __do_fast_syscall_32+0x73/0x120 [ 583.980539][T15092] do_fast_syscall_32+0x32/0x80 [ 583.980554][T15092] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 583.980567][T15092] RIP: 0023:0xf7f27579 [ 583.980576][T15092] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 583.980586][T15092] RSP: 002b:00000000f504655c EFLAGS: 00000296 ORIG_RAX: 000000000000016e [ 583.980596][T15092] RAX: ffffffffffffffda RBX: 000000000000000c RCX: 000000000000011b [ 583.980603][T15092] RDX: 0000000000000006 RSI: 0000000080000000 RDI: 0000000000000004 [ 583.980609][T15092] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 583.980615][T15092] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000 [ 583.980621][T15092] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 583.980634][T15092] [ 583.980677][T15092] Mem-Info: [ 584.079489][T15092] active_anon:6196 inactive_anon:0 isolated_anon:0 [ 584.079489][T15092] active_file:7060 inactive_file:24433 isolated_file:0 [ 584.079489][T15092] unevictable:1768 dirty:331 writeback:0 [ 584.079489][T15092] slab_reclaimable:9948 slab_unreclaimable:65024 [ 584.079489][T15092] mapped:25721 shmem:2435 pagetables:791 [ 584.079489][T15092] sec_pagetables:315 bounce:0 [ 584.079489][T15092] kernel_misc_reclaimable:0 [ 584.079489][T15092] free:58602 free_pcp:2352 free_cma:0 [ 584.094073][T15092] Node 0 active_anon:2252kB inactive_anon:0kB active_file:1340kB inactive_file:16208kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:7604kB dirty:8kB writeback:0kB shmem:3920kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:9092kB pagetables:708kB sec_pagetables:1132kB all_unreclaimable? yes Balloon:0kB [ 584.105879][T15092] Node 1 active_anon:22532kB inactive_anon:0kB active_file:26900kB inactive_file:81524kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:95280kB dirty:1316kB writeback:0kB shmem:5820kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:3620kB pagetables:2456kB sec_pagetables:128kB all_unreclaimable? no Balloon:0kB [ 584.117023][T15092] Node 0 DMA free:4044kB boost:2048kB min:2808kB low:2996kB high:3184kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:84kB inactive_file:128kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:544kB local_pcp:112kB free_cma:0kB [ 584.126148][T15092] lowmem_reserve[]: 0 293 293 293 293 [ 584.127880][T15092] Node 0 DMA32 free:33132kB boost:14336kB min:27784kB low:31144kB high:34504kB reserved_highatomic:4096KB active_anon:2252kB inactive_anon:0kB active_file:1256kB inactive_file:16080kB unevictable:3536kB writepending:8kB present:1032196kB managed:300196kB mlocked:0kB bounce:0kB free_pcp:1060kB local_pcp:168kB free_cma:0kB [ 584.137610][T15092] lowmem_reserve[]: 0 0 0 0 0 [ 584.139118][T15092] Node 1 DMA32 free:196976kB boost:0kB min:47148kB low:58932kB high:70716kB reserved_highatomic:0KB active_anon:22532kB inactive_anon:0kB active_file:26900kB inactive_file:81524kB unevictable:3536kB writepending:1316kB present:1048432kB managed:948284kB mlocked:0kB bounce:0kB free_pcp:8004kB local_pcp:400kB free_cma:0kB [ 584.149036][T15092] lowmem_reserve[]: 0 0 0 0 0 [ 584.151215][T15092] Node 0 DMA: 153*4kB (U) 61*8kB (UM) 40*16kB (UM) 22*32kB (U) 7*64kB (U) 1*128kB (M) 0*256kB 0*512kB 1*1024kB (M) 0*2048kB 0*4096kB = 4044kB [ 584.160890][T15092] Node 0 DMA32: 873*4kB (UEH) 353*8kB (UH) 81*16kB (UMEH) 175*32kB (UMH) 87*64kB (UMH) 22*128kB (UM) 11*256kB (UMH) 3*512kB (U) 3*1024kB (UM) 2*2048kB (ME) 0*4096kB = 33116kB [ 584.166955][T15092] Node 1 DMA32: 237*4kB (ME) 815*8kB (ME) 658*16kB (ME) 393*32kB (ME) 248*64kB (UME) 66*128kB (UME) 45*256kB (UME) 48*512kB (UME) 29*1024kB (UME) 13*2048kB (UM) 12*4096kB (U) = 196460kB [ 584.172649][T15092] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 584.175513][T15092] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 584.178319][T15092] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 584.181150][T15092] Node 1 hugepages_total=4 hugepages_free=4 hugepages_surp=0 hugepages_size=2048kB [ 584.184815][T15092] 33926 total pagecache pages [ 584.186386][T15092] 0 pages in swap cache [ 584.187814][T15092] Free swap = 124996kB [ 584.189433][T15092] Total swap = 124996kB [ 584.190837][T15092] 524155 pages RAM [ 584.192176][T15092] 0 pages HighMem/MovableOnly [ 584.193743][T15092] 208195 pages reserved [ 584.195134][T15092] 0 pages cma reserved [ 584.497966][ T34] lo speed is unknown, defaulting to 1000 [ 584.500486][ T34] infiniband sR4: ib_query_port failed (-19) [ 584.517691][T14933] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 584.520239][T14933] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 584.551553][T14928] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 584.554369][T14928] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 584.708319][T15103] netlink: 'syz.2.2496': attribute type 10 has an invalid length. [ 584.711814][T15103] netlink: 40 bytes leftover after parsing attributes in process `syz.2.2496'. [ 584.715755][T15103] batadv0: entered promiscuous mode [ 584.717612][T15103] batadv0: entered allmulticast mode [ 584.736236][T15103] bridge0: port 3(batadv0) entered blocking state [ 584.751338][T15103] bridge0: port 3(batadv0) entered disabled state [ 584.784450][T15103] bridge0: port 3(batadv0) entered blocking state [ 584.786583][T15103] bridge0: port 3(batadv0) entered forwarding state [ 585.447750][T14928] batman_adv: batadv0: No IGMP Querier present - multicast optimizations disabled [ 585.450767][T14928] batman_adv: batadv0: No MLD Querier present - multicast optimizations disabled [ 585.551076][T15114] IPVS: set_ctl: invalid protocol: 137 224.0.0.2:20000 [ 585.977292][ T5938] Bluetooth: hci4: command tx timeout [ 586.566255][T15126] FAULT_INJECTION: forcing a failure. [ 586.566255][T15126] name failslab, interval 1, probability 0, space 0, times 0 [ 586.599036][T15129] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2501'. [ 586.602828][T15129] workqueue: name exceeds WQ_NAME_LEN. Truncating to: !寿$ULvyآDUDw}z [ 586.621225][T15126] CPU: 1 UID: 0 PID: 15126 Comm: syz.1.2503 Not tainted 6.15.0-rc7-syzkaller-00152-gd0c22de9995b #0 PREEMPT(full) [ 586.621242][T15126] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 586.621249][T15126] Call Trace: [ 586.621252][T15126] [ 586.621257][T15126] dump_stack_lvl+0x16c/0x1f0 [ 586.621276][T15126] should_fail_ex+0x512/0x640 [ 586.621294][T15126] should_failslab+0xc2/0x120 [ 586.621308][T15126] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 586.621322][T15126] ? skb_clone+0x190/0x3f0 [ 586.621337][T15126] skb_clone+0x190/0x3f0 [ 586.621351][T15126] netlink_deliver_tap+0xabd/0xd30 [ 586.621368][T15126] netlink_unicast+0x5df/0x7f0 [ 586.621384][T15126] ? __pfx_netlink_unicast+0x10/0x10 [ 586.621402][T15126] netlink_sendmsg+0x8d1/0xdd0 [ 586.621418][T15126] ? __pfx_netlink_sendmsg+0x10/0x10 [ 586.621434][T15126] ? __import_iovec+0x1c8/0x660 [ 586.621481][T15126] ____sys_sendmsg+0xa95/0xc70 [ 586.621500][T15126] ? __pfx_____sys_sendmsg+0x10/0x10 [ 586.621515][T15126] ? get_compat_msghdr+0x11a/0x170 [ 586.621534][T15126] ___sys_sendmsg+0x134/0x1d0 [ 586.621548][T15126] ? __pfx____sys_sendmsg+0x10/0x10 [ 586.621578][T15126] __sys_sendmsg+0x16d/0x220 [ 586.621591][T15126] ? __pfx___sys_sendmsg+0x10/0x10 [ 586.621608][T15126] ? rcu_is_watching+0x12/0xc0 [ 586.621620][T15126] ? rcu_is_watching+0x12/0xc0 [ 586.621631][T15126] __do_fast_syscall_32+0x73/0x120 [ 586.621649][T15126] do_fast_syscall_32+0x32/0x80 [ 586.621665][T15126] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 586.621678][T15126] RIP: 0023:0xf7f01579 [ 586.621687][T15126] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 586.621697][T15126] RSP: 002b:00000000f502655c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 586.621708][T15126] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000200 [ 586.621714][T15126] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 586.621720][T15126] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 586.621731][T15126] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 586.621737][T15126] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 586.621750][T15126] [ 586.623057][T15128] Driver unsupported XDP return value 0 on prog (id 396) dev N/A, expect packet loss! [ 586.806183][T15147] IPVS: set_ctl: invalid protocol: 137 224.0.0.2:20000 [ 586.904289][T15158] FAULT_INJECTION: forcing a failure. [ 586.904289][T15158] name failslab, interval 1, probability 0, space 0, times 0 [ 586.908556][T15158] CPU: 0 UID: 0 PID: 15158 Comm: syz.2.2511 Not tainted 6.15.0-rc7-syzkaller-00152-gd0c22de9995b #0 PREEMPT(full) [ 586.908572][T15158] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 586.908580][T15158] Call Trace: [ 586.908584][T15158] [ 586.908589][T15158] dump_stack_lvl+0x16c/0x1f0 [ 586.908608][T15158] should_fail_ex+0x512/0x640 [ 586.908627][T15158] should_failslab+0xc2/0x120 [ 586.908644][T15158] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 586.908658][T15158] ? skb_clone+0x190/0x3f0 [ 586.908675][T15158] skb_clone+0x190/0x3f0 [ 586.908689][T15158] netlink_deliver_tap+0xabd/0xd30 [ 586.908707][T15158] netlink_unicast+0x5df/0x7f0 [ 586.908723][T15158] ? __pfx_netlink_unicast+0x10/0x10 [ 586.908748][T15158] netlink_sendmsg+0x8d1/0xdd0 [ 586.908774][T15158] ? __pfx_netlink_sendmsg+0x10/0x10 [ 586.908798][T15158] ? __import_iovec+0x1c8/0x660 [ 586.908822][T15158] ____sys_sendmsg+0xa95/0xc70 [ 586.908847][T15158] ? __pfx_____sys_sendmsg+0x10/0x10 [ 586.908862][T15158] ? get_compat_msghdr+0x11a/0x170 [ 586.908880][T15158] ___sys_sendmsg+0x134/0x1d0 [ 586.908899][T15158] ? __pfx____sys_sendmsg+0x10/0x10 [ 586.908929][T15158] __sys_sendmsg+0x16d/0x220 [ 586.908942][T15158] ? __pfx___sys_sendmsg+0x10/0x10 [ 586.908961][T15158] ? rcu_is_watching+0x12/0xc0 [ 586.908974][T15158] __do_fast_syscall_32+0x73/0x120 [ 586.908991][T15158] do_fast_syscall_32+0x32/0x80 [ 586.909008][T15158] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 586.909021][T15158] RIP: 0023:0xf7f45579 [ 586.909031][T15158] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 586.909042][T15158] RSP: 002b:00000000f506655c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 586.909053][T15158] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000000 [ 586.909060][T15158] RDX: 0000000020048800 RSI: 0000000000000000 RDI: 0000000000000000 [ 586.909066][T15158] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 586.909072][T15158] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 586.909078][T15158] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 586.909091][T15158] [ 586.957831][T15162] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2510'. [ 587.064840][T15165] FAULT_INJECTION: forcing a failure. [ 587.064840][T15165] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 587.083892][T15165] CPU: 0 UID: 0 PID: 15165 Comm: syz.2.2512 Not tainted 6.15.0-rc7-syzkaller-00152-gd0c22de9995b #0 PREEMPT(full) [ 587.083910][T15165] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 587.083917][T15165] Call Trace: [ 587.083922][T15165] [ 587.083926][T15165] dump_stack_lvl+0x16c/0x1f0 [ 587.083945][T15165] should_fail_ex+0x512/0x640 [ 587.083965][T15165] _copy_from_user+0x2e/0xd0 [ 587.083976][T15165] get_user_ifreq+0x116/0x1c0 [ 587.083993][T15165] inet_ioctl+0x37e/0x3f0 [ 587.084009][T15165] ? __pfx_inet_ioctl+0x10/0x10 [ 587.084031][T15165] ? tomoyo_path_number_perm+0x18d/0x580 [ 587.084049][T15165] sock_do_ioctl+0x118/0x280 [ 587.084064][T15165] ? __pfx_sock_do_ioctl+0x10/0x10 [ 587.084086][T15165] compat_sock_ioctl+0x301/0x730 [ 587.084097][T15165] ? __pfx_compat_sock_ioctl+0x10/0x10 [ 587.084109][T15165] ? __fget_files+0x20e/0x3c0 [ 587.084119][T15165] ? __pfx_fput+0x10/0x10 [ 587.084135][T15165] ? __pfx_compat_sock_ioctl+0x10/0x10 [ 587.084144][T15165] __ia32_compat_sys_ioctl+0x24f/0x360 [ 587.084160][T15165] __do_fast_syscall_32+0x73/0x120 [ 587.084178][T15165] do_fast_syscall_32+0x32/0x80 [ 587.084194][T15165] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 587.084207][T15165] RIP: 0023:0xf7f45579 [ 587.084216][T15165] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 587.084226][T15165] RSP: 002b:00000000f506655c EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 587.084237][T15165] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000000891c [ 587.084244][T15165] RDX: 0000000080000540 RSI: 0000000000000000 RDI: 0000000000000000 [ 587.084250][T15165] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 587.084256][T15165] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 587.084262][T15165] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 587.084274][T15165] [ 587.194570][T15171] syzkaller0: entered promiscuous mode [ 587.196355][T15171] syzkaller0: entered allmulticast mode [ 588.022259][ T5938] Bluetooth: hci4: command tx timeout [ 589.499869][T15213] netlink: 'syz.0.2525': attribute type 4 has an invalid length. [ 589.503324][T15213] netlink: 152 bytes leftover after parsing attributes in process `syz.0.2525'. [ 589.506643][T15213] ================================================================== [ 589.509119][T15213] BUG: KASAN: global-out-of-bounds in fib6_ifdown+0x7f5/0x8f0 [ 589.511635][T15213] Read of size 8 at addr ffffffff9af85c90 by task syz.0.2525/15213 [ 589.514970][T15213] [ 589.516447][T15213] CPU: 1 UID: 0 PID: 15213 Comm: syz.0.2525 Not tainted 6.15.0-rc7-syzkaller-00152-gd0c22de9995b #0 PREEMPT(full) [ 589.516463][T15213] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 589.516471][T15213] Call Trace: [ 589.516477][T15213] [ 589.516481][T15213] dump_stack_lvl+0x116/0x1f0 [ 589.516501][T15213] print_report+0xc3/0x670 [ 589.516516][T15213] ? __virt_addr_valid+0x5e/0x590 [ 589.516530][T15213] ? __phys_addr+0xc6/0x150 [ 589.516546][T15213] ? fib6_ifdown+0x7f5/0x8f0 [ 589.516559][T15213] kasan_report+0xe0/0x110 [ 589.516572][T15213] ? fib6_ifdown+0x7f5/0x8f0 [ 589.516586][T15213] fib6_ifdown+0x7f5/0x8f0 [ 589.516598][T15213] ? __pfx_fib6_ifdown+0x10/0x10 [ 589.516610][T15213] fib6_clean_node+0x2a7/0x5b0 [ 589.516622][T15213] ? __pfx_fib6_clean_node+0x10/0x10 [ 589.516639][T15213] fib6_walk_continue+0x452/0x8d0 [ 589.516650][T15213] fib6_walk+0x182/0x370 [ 589.516660][T15213] ? __pfx_fib6_ifdown+0x10/0x10 [ 589.516671][T15213] fib6_clean_tree+0xd4/0x110 [ 589.516682][T15213] ? __pfx_fib6_clean_tree+0x10/0x10 [ 589.516694][T15213] ? __pfx_fib6_clean_node+0x10/0x10 [ 589.516706][T15213] ? __pfx_fib6_ifdown+0x10/0x10 [ 589.516719][T15213] ? __pfx_fib6_ifdown+0x10/0x10 SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 589.516731][T15213] __fib6_clean_all+0x107/0x2d0 [ 589.516742][T15213] rt6_disable_ip+0x2ec/0x990 [ 589.516758][T15213] ? __mutex_trylock_common+0xe9/0x250 [ 589.516773][T15213] ? __pfx___mutex_trylock_common+0x10/0x10 [ 589.516787][T15213] ? __pfx_rt6_disable_ip+0x10/0x10 [ 589.516802][T15213] ? rcu_is_watching+0x12/0xc0 [ 589.516813][T15213] addrconf_ifdown.isra.0+0x11d/0x1a90 [ 589.516832][T15213] ? __mutex_unlock_slowpath+0x161/0x6a0 [ 589.516856][T15213] ? __pfx_addrconf_ifdown.isra.0+0x10/0x10 [ 589.516882][T15213] addrconf_notify+0x89a/0x19e0 [ 589.516905][T15213] ? ip6mr_device_event+0x1bc/0x230 [ 589.516940][T15213] notifier_call_chain+0xbc/0x410 [ 589.516959][T15213] ? __pfx_addrconf_notify+0x10/0x10 [ 589.516975][T15213] call_netdevice_notifiers_info+0xbe/0x140 [ 589.516993][T15213] netif_set_mtu_ext+0x3bf/0x5c0 [ 589.517007][T15213] ? __pfx_netif_set_mtu_ext+0x10/0x10 [ 589.517020][T15213] ? __lock_acquire+0x5ca/0x1ba0 [ 589.517034][T15213] netif_set_mtu+0xb0/0x160 [ 589.517046][T15213] ? __pfx_netif_set_mtu+0x10/0x10 [ 589.517060][T15213] ? ib_device_get_by_netdev+0x1c2/0x520 [ 589.517072][T15213] ? vxlan_netdevice_event+0x11f/0x370 [ 589.517083][T15213] ? __pfx_ib_device_get_by_netdev+0x10/0x10 [ 589.517095][T15213] dev_set_mtu+0xb2/0x260 [ 589.517108][T15213] bond_change_mtu+0x17d/0x590 [ 589.517121][T15213] ? __pfx_bond_change_mtu+0x10/0x10 [ 589.517133][T15213] ? __pfx_bond_change_mtu+0x10/0x10 [ 589.517143][T15213] netif_set_mtu_ext+0x36c/0x5c0 [ 589.517155][T15213] ? __pfx_netif_set_mtu_ext+0x10/0x10 [ 589.517168][T15213] ? __pfx_validate_linkmsg+0x10/0x10 [ 589.517180][T15213] ? __asan_memset+0x23/0x50 [ 589.517191][T15213] do_setlink.constprop.0+0xa96/0x44b0 [ 589.517206][T15213] ? __lock_acquire+0xaa4/0x1ba0 [ 589.517218][T15213] ? __pfx_do_setlink.constprop.0+0x10/0x10 [ 589.517233][T15213] ? __mutex_trylock_common+0xe9/0x250 [ 589.517247][T15213] ? __pfx___mutex_trylock_common+0x10/0x10 [ 589.517261][T15213] ? __pfx___might_resched+0x10/0x10 [ 589.517273][T15213] ? rcu_is_watching+0x12/0xc0 [ 589.517282][T15213] ? trace_contention_end+0xdd/0x130 [ 589.517296][T15213] ? __mutex_lock+0x1ca/0xb90 [ 589.517310][T15213] ? rcu_is_watching+0x12/0xc0 [ 589.517319][T15213] ? rtnl_newlink+0x600/0x2000 [ 589.517331][T15213] ? trace_cap_capable+0x18d/0x200 [ 589.517343][T15213] ? __pfx___mutex_lock+0x10/0x10 [ 589.517357][T15213] ? apparmor_capable+0x114/0x1d0 [ 589.517371][T15213] ? netlink_ns_capable+0xfa/0x130 [ 589.517384][T15213] rtnl_newlink+0x1446/0x2000 [ 589.517399][T15213] ? __pfx_rtnl_newlink+0x10/0x10 [ 589.517442][T15213] ? kasan_quarantine_put+0x10a/0x240 [ 589.517455][T15213] ? lockdep_hardirqs_on+0x7c/0x110 [ 589.517472][T15213] ? kfree_skbmem+0x1a4/0x1f0 [ 589.517483][T15213] ? __lock_acquire+0x5ca/0x1ba0 [ 589.517497][T15213] ? rcu_is_watching+0x12/0xc0 [ 589.517507][T15213] ? trace_cap_capable+0x18d/0x200 [ 589.517520][T15213] ? find_held_lock+0x2b/0x80 [ 589.517530][T15213] ? __pfx_rtnl_newlink+0x10/0x10 [ 589.517544][T15213] ? __pfx_rtnl_newlink+0x10/0x10 [ 589.517557][T15213] ? rtnetlink_rcv_msg+0x93a/0xe90 [ 589.517570][T15213] ? __pfx_rtnl_newlink+0x10/0x10 [ 589.517583][T15213] rtnetlink_rcv_msg+0x95b/0xe90 [ 589.517598][T15213] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 589.517614][T15213] netlink_rcv_skb+0x16d/0x440 [ 589.517627][T15213] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 589.517641][T15213] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 589.517657][T15213] ? netlink_deliver_tap+0x1ae/0xd30 [ 589.517671][T15213] netlink_unicast+0x53a/0x7f0 [ 589.517686][T15213] ? __pfx_netlink_unicast+0x10/0x10 [ 589.517701][T15213] netlink_sendmsg+0x8d1/0xdd0 [ 589.517715][T15213] ? __pfx_netlink_sendmsg+0x10/0x10 [ 589.517729][T15213] ? __import_iovec+0x1c8/0x660 [ 589.517741][T15213] ____sys_sendmsg+0xa95/0xc70 [ 589.517756][T15213] ? __pfx_____sys_sendmsg+0x10/0x10 [ 589.517771][T15213] ? get_compat_msghdr+0x11a/0x170 [ 589.517785][T15213] ___sys_sendmsg+0x134/0x1d0 [ 589.517797][T15213] ? __pfx____sys_sendmsg+0x10/0x10 [ 589.517817][T15213] __sys_sendmsg+0x16d/0x220 [ 589.517829][T15213] ? __pfx___sys_sendmsg+0x10/0x10 [ 589.517841][T15213] ? __ia32_sys_futex_time32+0x1d9/0x460 [ 589.517856][T15213] ? rcu_is_watching+0x12/0xc0 [ 589.517865][T15213] ? rcu_is_watching+0x12/0xc0 [ 589.517876][T15213] __do_fast_syscall_32+0x73/0x120 [ 589.517892][T15213] do_fast_syscall_32+0x32/0x80 [ 589.517908][T15213] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 589.517920][T15213] RIP: 0023:0xf707e579 [ 589.517930][T15213] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 589.517949][T15213] RSP: 002b:00000000f504d55c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 589.517966][T15213] RAX: ffffffffffffffda RBX: 0000000000000009 RCX: 0000000080000240 [ 589.517976][T15213] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 589.517986][T15213] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 589.517996][T15213] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000 [ 589.518007][T15213] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 589.518022][T15213] [ 589.518028][T15213] [ 589.739748][T15213] The buggy address belongs to the variable: [ 589.741913][T15213] __key.0+0x30/0x40 [ 589.743362][T15213] [ 589.744285][T15213] The buggy address belongs to the physical page: [ 589.746613][T15213] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1af85 [ 589.749743][T15213] flags: 0xfff00000002000(reserved|node=0|zone=1|lastcpupid=0x7ff) [ 589.752413][T15213] raw: 00fff00000002000 ffffea00006be148 ffffea00006be148 0000000000000000 [ 589.755489][T15213] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 589.758479][T15213] page dumped because: kasan: bad access detected [ 589.760810][T15213] page_owner info is not present (never set?) [ 589.763017][T15213] [ 589.763900][T15213] Memory state around the buggy address: [ 589.765919][T15213] ffffffff9af85b80: f9 f9 f9 f9 00 f9 f9 f9 f9 f9 f9 f9 00 f9 f9 f9 [ 589.768681][T15213] ffffffff9af85c00: f9 f9 f9 f9 00 f9 f9 f9 f9 f9 f9 f9 00 00 f9 f9 [ 589.771551][T15213] >ffffffff9af85c80: f9 f9 f9 f9 00 f9 f9 f9 f9 f9 f9 f9 00 00 00 00 [ 589.774422][T15213] ^ [ 589.776001][T15213] ffffffff9af85d00: 00 00 00 00 00 00 00 00 00 00 00 f9 f9 f9 f9 f9 [ 589.778841][T15213] ffffffff9af85d80: 00 00 f9 f9 f9 f9 f9 f9 00 00 f9 f9 f9 f9 f9 f9 [ 589.781651][T15213] ================================================================== [ 589.784692][T15213] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 589.787706][T15213] CPU: 1 UID: 0 PID: 15213 Comm: syz.0.2525 Not tainted 6.15.0-rc7-syzkaller-00152-gd0c22de9995b #0 PREEMPT(full) [ 589.792550][T15213] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 589.796985][T15213] Call Trace: [ 589.798338][T15213] [ 589.799564][T15213] dump_stack_lvl+0x3d/0x1f0 [ 589.801923][T15213] panic+0x71c/0x800 [ 589.803634][T15213] ? __pfx_panic+0x10/0x10 [ 589.805527][T15213] ? mark_held_locks+0x49/0x80 [ 589.807370][T15213] ? fib6_ifdown+0x7f5/0x8f0 [ 589.809045][T15213] ? fib6_ifdown+0x7f5/0x8f0 [ 589.810736][T15213] check_panic_on_warn+0xab/0xb0 [ 589.812568][T15213] end_report+0x107/0x170 [ 589.814156][T15213] kasan_report+0xee/0x110 [ 589.815783][T15213] ? fib6_ifdown+0x7f5/0x8f0 [ 589.817497][T15213] fib6_ifdown+0x7f5/0x8f0 [ 589.819131][T15213] ? __pfx_fib6_ifdown+0x10/0x10 [ 589.820933][T15213] fib6_clean_node+0x2a7/0x5b0 [ 589.822693][T15213] ? __pfx_fib6_clean_node+0x10/0x10 [ 589.824620][T15213] fib6_walk_continue+0x452/0x8d0 [ 589.826474][T15213] fib6_walk+0x182/0x370 [ 589.828028][T15213] ? __pfx_fib6_ifdown+0x10/0x10 [ 589.829839][T15213] fib6_clean_tree+0xd4/0x110 [ 589.831545][T15213] ? __pfx_fib6_clean_tree+0x10/0x10 [ 589.833481][T15213] ? __pfx_fib6_clean_node+0x10/0x10 [ 589.835391][T15213] ? __pfx_fib6_ifdown+0x10/0x10 [ 589.837209][T15213] ? __pfx_fib6_ifdown+0x10/0x10 [ 589.839056][T15213] __fib6_clean_all+0x107/0x2d0 [ 589.840825][T15213] rt6_disable_ip+0x2ec/0x990 [ 589.842568][T15213] ? __mutex_trylock_common+0xe9/0x250 [ 589.844558][T15213] ? __pfx___mutex_trylock_common+0x10/0x10 [ 589.846757][T15213] ? __pfx_rt6_disable_ip+0x10/0x10 [ 589.848678][T15213] ? rcu_is_watching+0x12/0xc0 [ 589.850433][T15213] addrconf_ifdown.isra.0+0x11d/0x1a90 [ 589.852455][T15213] ? __mutex_unlock_slowpath+0x161/0x6a0 [ 589.854522][T15213] ? __pfx_addrconf_ifdown.isra.0+0x10/0x10 [ 589.856658][T15213] addrconf_notify+0x89a/0x19e0 [ 589.858434][T15213] ? ip6mr_device_event+0x1bc/0x230 [ 589.860320][T15213] notifier_call_chain+0xbc/0x410 [ 589.862166][T15213] ? __pfx_addrconf_notify+0x10/0x10 [ 589.864087][T15213] call_netdevice_notifiers_info+0xbe/0x140 [ 589.866239][T15213] netif_set_mtu_ext+0x3bf/0x5c0 [ 589.868052][T15213] ? __pfx_netif_set_mtu_ext+0x10/0x10 [ 589.870023][T15213] ? __lock_acquire+0x5ca/0x1ba0 [ 589.871811][T15213] netif_set_mtu+0xb0/0x160 [ 589.873567][T15213] ? __pfx_netif_set_mtu+0x10/0x10 [ 589.875432][T15213] ? ib_device_get_by_netdev+0x1c2/0x520 [ 589.877483][T15213] ? vxlan_netdevice_event+0x11f/0x370 [ 589.879437][T15213] ? __pfx_ib_device_get_by_netdev+0x10/0x10 [ 589.881600][T15213] dev_set_mtu+0xb2/0x260 [ 589.883240][T15213] bond_change_mtu+0x17d/0x590 [ 589.885007][T15213] ? __pfx_bond_change_mtu+0x10/0x10 [ 589.886957][T15213] ? __pfx_bond_change_mtu+0x10/0x10 [ 589.888866][T15213] netif_set_mtu_ext+0x36c/0x5c0 [ 589.890677][T15213] ? __pfx_netif_set_mtu_ext+0x10/0x10 [ 589.892646][T15213] ? __pfx_validate_linkmsg+0x10/0x10 [ 589.894593][T15213] ? __asan_memset+0x23/0x50 [ 589.896288][T15213] do_setlink.constprop.0+0xa96/0x44b0 [ 589.898276][T15213] ? __lock_acquire+0xaa4/0x1ba0 [ 589.900072][T15213] ? __pfx_do_setlink.constprop.0+0x10/0x10 [ 589.902230][T15213] ? __mutex_trylock_common+0xe9/0x250 [ 589.904197][T15213] ? __pfx___mutex_trylock_common+0x10/0x10 [ 589.906370][T15213] ? __pfx___might_resched+0x10/0x10 [ 589.908282][T15213] ? rcu_is_watching+0x12/0xc0 [ 589.909972][T15213] ? trace_contention_end+0xdd/0x130 [ 589.911877][T15213] ? __mutex_lock+0x1ca/0xb90 [ 589.913621][T15213] ? rcu_is_watching+0x12/0xc0 [ 589.915368][T15213] ? rtnl_newlink+0x600/0x2000 [ 589.917142][T15213] ? trace_cap_capable+0x18d/0x200 [ 589.919044][T15213] ? __pfx___mutex_lock+0x10/0x10 [ 589.920877][T15213] ? apparmor_capable+0x114/0x1d0 [ 589.922745][T15213] ? netlink_ns_capable+0xfa/0x130 [ 589.924487][T15213] rtnl_newlink+0x1446/0x2000 [ 589.926075][T15213] ? __pfx_rtnl_newlink+0x10/0x10 [ 589.927868][T15213] ? kasan_quarantine_put+0x10a/0x240 [ 589.929644][T15213] ? lockdep_hardirqs_on+0x7c/0x110 [ 589.931362][T15213] ? kfree_skbmem+0x1a4/0x1f0 [ 589.933026][T15213] ? __lock_acquire+0x5ca/0x1ba0 [ 589.934706][T15213] ? rcu_is_watching+0x12/0xc0 [ 589.936351][T15213] ? trace_cap_capable+0x18d/0x200 [ 589.938090][T15213] ? find_held_lock+0x2b/0x80 [ 589.939693][T15213] ? __pfx_rtnl_newlink+0x10/0x10 [ 589.941392][T15213] ? __pfx_rtnl_newlink+0x10/0x10 [ 589.943135][T15213] ? rtnetlink_rcv_msg+0x93a/0xe90 [ 589.944842][T15213] ? __pfx_rtnl_newlink+0x10/0x10 [ 589.946578][T15213] rtnetlink_rcv_msg+0x95b/0xe90 [ 589.948305][T15213] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 589.950150][T15213] netlink_rcv_skb+0x16d/0x440 [ 589.951803][T15213] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 589.953692][T15213] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 589.955486][T15213] ? netlink_deliver_tap+0x1ae/0xd30 [ 589.957335][T15213] netlink_unicast+0x53a/0x7f0 [ 589.958967][T15213] ? __pfx_netlink_unicast+0x10/0x10 [ 589.960738][T15213] netlink_sendmsg+0x8d1/0xdd0 [ 589.962396][T15213] ? __pfx_netlink_sendmsg+0x10/0x10 [ 589.964245][T15213] ? __import_iovec+0x1c8/0x660 [ 589.965875][T15213] ____sys_sendmsg+0xa95/0xc70 [ 589.967558][T15213] ? __pfx_____sys_sendmsg+0x10/0x10 [ 589.969337][T15213] ? get_compat_msghdr+0x11a/0x170 [ 589.971113][T15213] ___sys_sendmsg+0x134/0x1d0 [ 589.972696][T15213] ? __pfx____sys_sendmsg+0x10/0x10 [ 589.974483][T15213] __sys_sendmsg+0x16d/0x220 [ 589.976077][T15213] ? __pfx___sys_sendmsg+0x10/0x10 [ 589.977820][T15213] ? __ia32_sys_futex_time32+0x1d9/0x460 [ 589.979792][T15213] ? rcu_is_watching+0x12/0xc0 [ 589.981426][T15213] ? rcu_is_watching+0x12/0xc0 [ 589.983066][T15213] __do_fast_syscall_32+0x73/0x120 [ 589.984799][T15213] do_fast_syscall_32+0x32/0x80 [ 589.986468][T15213] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 589.988406][T15213] RIP: 0023:0xf707e579 [ 589.989679][T15213] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 589.995355][T15213] RSP: 002b:00000000f504d55c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 589.997892][T15213] RAX: ffffffffffffffda RBX: 0000000000000009 RCX: 0000000080000240 [ 590.000340][T15213] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 590.002754][T15213] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 590.005637][T15213] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000 [ 590.008198][T15213] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 590.010678][T15213] [ 590.012273][T15213] Kernel Offset: disabled [ 590.013649][T15213] Rebooting in 86400 seconds.. VM DIAGNOSIS: 12:15:22 Registers: info registers vcpu 0 CPU#0 RAX=00000000011f797f RBX=0000000000000000 RCX=ffffffff8b69a3e9 RDX=0000000000000000 RSI=ffffffff8dbde8d7 RDI=ffffffff8bf48ea0 RBP=fffffbfff1c12ee8 RSP=ffffffff8e007e10 R8 =0000000000000001 R9 =ffffed10056465bd R10=ffff88802b232deb R11=0000000000000000 R12=0000000000000000 R13=ffffffff8e097740 R14=ffffffff90854f10 R15=0000000000000000 RIP=ffffffff8b698c7f RFL=00000282 [--S----] CPL=0 II=0 A20=1 SMM=0 HLT=1 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff8880977e7000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=0000000080d73000 CR3=0000000026b79000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000052 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 1 CPU#1 RAX=0000000000000000 RBX=00000000000003f9 RCX=0000000000000000 RDX=00000000000003f9 RSI=ffffffff854c6a35 RDI=ffffffff9ade4c80 RBP=ffffffff9ade4c40 RSP=ffffc90002df60c0 R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=3966666666666666 R12=0000000000000000 R13=0000000000000000 R14=ffffffff9ade4c40 R15=ffffffff9ade4f00 RIP=ffffffff854c6a5f RFL=00000006 [-----P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] FS =0000 0000000000000000 ffffffff 00c00000 GS =0063 ffff8880978e7000 ffffffff 00d0f300 DPL=3 DS [-WA] LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=000000002d90affc CR3=0000000022634000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000002 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000a000000000 0000000200000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 2 CPU#2 RAX=0000000000000000 RBX=ffff88802b341460 RCX=ffffffff81aea149 RDX=ffff88802002c880 RSI=ffffffff81aea123 RDI=0000000000000005 RBP=0000000000000003 RSP=ffffc900010defe0 R8 =0000000000000005 R9 =0000000000000000 R10=0000000000000001 R11=0000000000000000 R12=ffffed100566828d R13=0000000000000001 R14=dffffc0000000000 R15=ffff88802b43b180 RIP=ffffffff81aea125 RFL=00000293 [--S-A-C] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff8880979e7000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000091000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe000008f000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00000000809dc000 CR3=000000005e408000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=000000000000058a DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000002 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000008000000000 0000000100000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 3 CPU#3 RAX=dffffc0000000000 RBX=0000000000000004 RCX=ffffffff822fd2c5 RDX=1ffff110049662b1 RSI=ffffffff848acc25 RDI=ffff888024b31588 RBP=ffff888024b31500 RSP=ffffc900039a7c90 R8 =0000000000000007 R9 =0000000000000000 R10=0000000000000400 R11=0000000000000000 R12=0000000000000004 R13=0000000000000004 R14=ffff888024b31500 R15=0000000000000001 RIP=ffffffff848acc41 RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] FS =0000 0000000000000000 ffffffff 00c00000 GS =0063 ffff888097ae7000 ffffffff 00d0f300 DPL=3 DS [-WA] LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe00000d8000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe00000d6000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=0000000080e52000 CR3=000000004e8ac000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 f700585858585858 2e7a7973f7492ff4 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 f700585858585858 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffffffffffffffff 0f0e0d0c0b0a0908 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000