last executing test programs: 8.806257315s ago: executing program 2 (id=2668): socket$nl_netfilter(0x10, 0x3, 0xc) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x800000000, 0xf, &(0x7f0000006680)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9) r0 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x2000) ioctl$SG_GET_PACK_ID(r0, 0x227c, &(0x7f0000000000)) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = socket(0x80000000000000a, 0x2, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r4, &(0x7f0000000080)=ANY=[@ANYBLOB="1500000065ffff097b000008003950323030302e4c"], 0x15) r5 = dup(r4) write$FUSE_BMAP(r5, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_DIRENTPLUS(r5, &(0x7f0000000440)=ANY=[@ANYBLOB="b0000000000000ab284dc9a94095f54e34f11a5a480d2115805745f8a24d"], 0xb0) write$FUSE_NOTIFY_RETRIEVE(r5, &(0x7f00000000c0)={0x14c}, 0x137) mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000b80), 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r3, @ANYBLOB=',wfdno=', @ANYRESHEX=r5]) chdir(&(0x7f0000000100)='./file0\x00') utimensat(0xffffffffffffff9c, &(0x7f0000000340)='.\x00', 0x0, 0x0) mknod(&(0x7f0000000180)='./file0\x00', 0xc000, 0x1) setsockopt$inet6_group_source_req(r2, 0x29, 0x2e, &(0x7f0000000080)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x0, @empty}}}, 0x108) setsockopt$inet6_group_source_req(r2, 0x29, 0x2e, &(0x7f0000000340)={0x0, {{0xa, 0x0, 0x1, @mcast2, 0x1}}, {{0xa, 0x0, 0x6, @private2={0xfc, 0x2, '\x00', 0x1}, 0xfffffffd}}}, 0x108) setsockopt$inet6_group_source_req(r2, 0x29, 0x2f, &(0x7f0000000200)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x0, @empty}}}, 0x108) sendmsg$nl_generic(r1, &(0x7f00000026c0)={0x0, 0x0, &(0x7f0000002680)={&(0x7f0000002640)=ANY=[@ANYBLOB="1400000038ed01002cbd7000ffdbdf250e000000"], 0x14}, 0x1, 0x0, 0x0, 0x44805}, 0xc805) r6 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r6, &(0x7f0000000480)={0x2, 0x4e24, @local}, 0x10) socket$pppl2tp(0x18, 0x1, 0x1) r7 = socket(0x2, 0x80805, 0x0) setsockopt$IP_VS_SO_SET_ADD(r7, 0x0, 0x482, &(0x7f0000000040)={0x84, @loopback, 0x4e25, 0x3, 'lblc\x00', 0x1, 0x2, 0x6e}, 0x2c) socket$nl_route(0x10, 0x3, 0x0) socket(0x1, 0x6, 0x0) 8.096205863s ago: executing program 2 (id=2672): r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) mount$9p_fd(0x0, 0x0, &(0x7f0000000080), 0x400, &(0x7f0000000a40)=ANY=[@ANYRESDEC=r0, @ANYRES16]) mkdirat(0xffffffffffffff9c, 0x0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x8c) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x6, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0xb}}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0) syz_usb_control_io(0xffffffffffffffff, &(0x7f0000000640)={0x18, &(0x7f0000000400)={0x40, 0x7, 0xb1, {0xb1, 0x21, "582185b1e19b7d4c16282cc3e6e19b797a56e65a0ce076e2fe4328deb6755c58d82d5dd18e0eb59d5e1ad2625a3b5f9ad8820ed37c042fb4f9ebadce56bf5aa89f3ecf2fbe5c50932a5fe08534dc08f25630c5b688f4aa3e3745340044d17d6ebabfe9495472b5f7093e7bf4d354bd38ee7192533c3be489fd9d5ccd43102a1e2df380a008e75f12872e0f554eb5341b5fdc6ece426a8b136bfc68878d765109ba23e683a148672e17058f213c3e6d"}}, &(0x7f00000004c0)={0x0, 0x3, 0x2, @string={0x2}}, &(0x7f00000001c0)={0x0, 0xf, 0x19, {0x5, 0xf, 0x19, 0x3, [@ext_cap={0x7, 0x10, 0x2, 0x2, 0x6, 0x4, 0x3}, @ptm_cap={0x3}, @ss_cap={0xa, 0x10, 0x3, 0x2, 0x4, 0x2, 0x6, 0x9}]}}, &(0x7f0000000300)={0x20, 0x29, 0xf, {0xf, 0x29, 0x6, 0x0, 0xc4, 0xf6, "71593ff1", "6a191c68"}}, &(0x7f0000000600)={0x20, 0x2a, 0xc, {0xc, 0x2a, 0x7, 0x1, 0xe, 0x0, 0x8, 0x607, 0xa}}}, &(0x7f0000000b40)={0x44, &(0x7f0000000680)={0x20, 0x16, 0x82, "9b194ce5673dc3ca4c4be834f467512ecad2963198e89cb4c860032fdb87958128f34ed75d7b048078f6e5d7ef056da722ac2d5c56c2b4731a46f17c69a9cd1435bf6eadfe76888bee73e95644076a036391f6b66f0310fc5a6e0d74c4a2d4591de2138fcf6788cdefc589adf452523edf05a903ad2174128ecd16e2207ada198c10"}, &(0x7f0000000740)={0x0, 0xa, 0x1, 0x7}, &(0x7f0000000780)={0x0, 0x8, 0x1, 0x9}, &(0x7f00000007c0)={0x20, 0x0, 0x4, {0x1, 0x3}}, &(0x7f0000000800)={0x20, 0x0, 0x8, {0x1, 0x20, [0xff00]}}, &(0x7f0000000840)={0x40, 0x7, 0x2, 0x3}, &(0x7f0000000880)={0x40, 0x9, 0x1, 0xd}, &(0x7f00000008c0)={0x40, 0xb, 0x2, "6e84"}, &(0x7f0000000900)={0x40, 0xf, 0x2, 0x3}, &(0x7f0000000940)={0x40, 0x13, 0x6, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x17}}, &(0x7f0000000980)={0x40, 0x17, 0x6, @local}, &(0x7f00000009c0)={0x40, 0x19, 0x2, "a481"}, &(0x7f0000000a00)={0x40, 0x1a, 0x2, 0xa68b}, &(0x7f0000000a80)={0x40, 0x1c, 0x1, 0xb}, &(0x7f0000000ac0)={0x40, 0x1e, 0x1, 0x6}, &(0x7f0000000b00)={0x40, 0x21, 0x1, 0x9c}}) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) fanotify_init(0x4c, 0x0) connect$inet(0xffffffffffffffff, 0x0, 0x0) openat$rfkill(0xffffffffffffff9c, &(0x7f0000000100), 0x6ad01, 0x0) syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') ioctl$SOUND_OLD_MIXER_INFO(0xffffffffffffffff, 0x80304d65, &(0x7f0000000280)) shutdown(0xffffffffffffffff, 0x1) mount$overlay(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000200), 0xd4, &(0x7f0000000180)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@workdir={'workdir', 0x3d, './file0'}}], [], 0x2c}) sendmsg$RDMA_NLDEV_CMD_NEWLINK(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=ANY=[@ANYBLOB="38000000031401002abd7000fedbdf250900020073017a3100000000080041007278650014"], 0x38}, 0x1, 0x0, 0x0, 0x44}, 0x810) socket$inet6(0xa, 0x2, 0x6) syz_usb_connect(0x3, 0x36, &(0x7f00000000c0)=ANY=[@ANYBLOB="120100008010bd40820514009dbb0000000109022400011b00000009040000022a3e740009058bff7f0000100109050b362f"], 0x0) close(0xffffffffffffffff) syz_open_dev$midi(&(0x7f0000000000), 0x3, 0x88c02) 6.108849995s ago: executing program 0 (id=2674): socket$nl_netfilter(0x10, 0x3, 0xc) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x800000000, 0xf, &(0x7f0000006680)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9) r0 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x2000) ioctl$SG_GET_PACK_ID(r0, 0x227c, &(0x7f0000000000)) socket$nl_generic(0x10, 0x3, 0x10) socket(0x80000000000000a, 0x2, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="1500000065ffff097b000008003950323030302e4c"], 0x15) r3 = dup(r2) write$FUSE_BMAP(r3, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_DIRENTPLUS(r3, &(0x7f0000000440)=ANY=[@ANYBLOB="b0000000000000ab284dc9a94095f54e34f11a5a480d2115805745f8a24d"], 0xb0) write$FUSE_NOTIFY_RETRIEVE(r3, &(0x7f00000000c0)={0x14c}, 0x137) mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000b80), 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r1, @ANYBLOB=',wfdno=', @ANYRESHEX=r3]) chdir(&(0x7f0000000100)='./file0\x00') utimensat(0xffffffffffffff9c, &(0x7f0000000340)='.\x00', 0x0, 0x0) 5.858726371s ago: executing program 0 (id=2675): prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) r0 = syz_usb_connect$hid(0x2, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000000018105e04da070000000000010902240001000000000904000009030000000921"], 0x0) timer_create(0x0, &(0x7f0000000080)={0x0, 0x11, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000000)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) syz_usb_ep_write(r0, 0x81, 0x0, 0x0) lchown(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) 5.308965096s ago: executing program 1 (id=2677): syz_init_net_socket$x25(0x9, 0x5, 0x0) getsockopt$EBT_SO_GET_INFO(0xffffffffffffffff, 0x0, 0x80, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r1 = dup(r0) write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd74) syz_io_uring_setup(0x497, &(0x7f0000000400)={0x0, 0x7079, 0x0, 0x14, 0x28b, 0x0, r1}, &(0x7f0000000140)=0x0, &(0x7f0000000280)=0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL802154_CMD_GET_SEC_DEVKEY(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)={0x20, r6, 0x301, 0xfffffffc, 0x0, {0x2b}, [@NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}]}, 0x20}}, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000180)={'wlan1\x00', 0x0}) sendmsg$nl_route(r4, &(0x7f0000000040)={0x0, 0xf0, &(0x7f0000000100)={&(0x7f0000000280)=@newlink={0x20, 0x10, 0x401, 0x0, 0x0, {0x0, 0x48, 0x0, r7, 0x21eae}}, 0x20}}, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r8 = socket$nl_route(0x10, 0x3, 0x0) r9 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r9, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000080)={0x58, 0x2, 0x6, 0x201, 0x0, 0x0, {}, [@IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_TIMEOUT={0x8, 0x6, 0x1, 0x0, 0x3}]}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_TYPENAME={0x13, 0x3, 'hash:net,iface\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_REVISION={0x5, 0x4, 0x3}]}, 0x58}, 0x1, 0x0, 0x0, 0x24000000}, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r9, 0x8933, &(0x7f0000000140)={'batadv_slave_1\x00'}) r10 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cgroup.events\x00', 0x26e1, 0x0) close(r10) r11 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) syz_emit_ethernet(0x7e, &(0x7f0000000540)={@local, @random="ca8d6f7ea8db", @void, {@llc={0x4, {@snap={0x0, 0xaa, "4689", "6ab047", 0x11, "7616565c399f45ee77d05bbf98c6c92c919031c4ec4a82f14243ded16a4ad2982abffd03261a6b73bec121b14daa9bb220cc84e79c8f979abe3db208c3c9ccd7267f02079c25a279efdc053663420c8f51fa62512547a4353bb0ac05013c0ed7f91e702e21ac33"}}}}}, 0x0) recvmsg(r11, &(0x7f0000000500)={0x0, 0x0, 0x0}, 0x0) ioctl$SIOCSIFHWADDR(r10, 0x8b06, &(0x7f0000000000)={'wlan1\x00', @random="060000000010"}) sendmsg$nl_route(r8, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="300000001000010000003a194618000000008553", @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\b\x00\n\x00', @ANYRES32=0x0, @ANYBLOB="08001b"], 0x30}}, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r10, &(0x7f0000000200)={0x0, 0x18, 0xfa00, {0x0, &(0x7f00000001c0), 0x106, 0x5}}, 0x20) r12 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r12, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="2e00000010008188e6b62aa73772cc9f1ba1f848480000005e143f02000000000e000a000f000000028000001294", 0x2e}], 0x1}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x110, 0x0, 0x0, 0x4) syz_io_uring_submit(r2, r3, &(0x7f00000002c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}) 5.083641609s ago: executing program 0 (id=2678): r0 = socket$kcm(0xa, 0x3, 0x3a) r1 = socket$kcm(0x10, 0x2, 0x0) sendmsg$inet(0xffffffffffffffff, &(0x7f0000000d40)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000a40)=ANY=[@ANYRESDEC=r0, @ANYRES32=0xffffffffffffffff, @ANYBLOB="ac1414aa00000000000000001400000000000018000000000200000000000000000000001c000000000000000000000008000000", @ANYRES32=0x0, @ANYBLOB="7f0000017f00000a0000000800"/28, @ANYRES32, @ANYBLOB="7f000001ac141400000000011c0e0000000000000000000007006fc946f1f569c01801"], 0x230}, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001cc0)={0x11, 0x3, &(0x7f0000000580)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f00000003c0)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r3 = socket$kcm(0x10, 0x3, 0x10) sendmsg$kcm(r3, &(0x7f0000000000)={0x0, 0xffffff0a, &(0x7f0000000080)=[{&(0x7f0000000040)="c018030033000b12d25a80648c2594f90124fc60100c03400f000000053582c137153e370248078000f01700d1bd", 0x33fe0}], 0x1}, 0x0) syz_open_dev$vbi(&(0x7f0000000000), 0x0, 0x2) socket$inet_tcp(0x2, 0x1, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f0000000300)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41100, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37, @void, @value}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r4 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r4, 0x2, &(0x7f0000000040)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r5, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r6, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r4, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r7 = syz_io_uring_setup(0x10d, &(0x7f0000000140)={0x0, 0x5885}, &(0x7f0000000340)=0x0, &(0x7f0000000280)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r8, 0x4, &(0x7f0000000080)=0xfffffffd, 0x0, 0x4) syz_io_uring_submit(r8, r9, &(0x7f00000002c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x4004, @fd_index=0x3, 0x0, 0x0}) r10 = openat$apparmor_thread_current(0xffffff9c, &(0x7f0000000000), 0x2, 0x0) write$apparmor_current(r10, &(0x7f000001aa80)=ANY=[@ANYRES16=r2], 0xff) io_uring_enter(r7, 0x3516, 0xe0ff, 0x0, 0x0, 0x0) openat$sndtimer(0xffffff9c, 0x0, 0x4001) sendmsg$kcm(r1, &(0x7f0000000600)={0x0, 0x600, &(0x7f0000000840)=[{&(0x7f0000000080)="2e00000010008188e6b62aa73772cc9f1ba1f848480000005e140602000000000e000a000f000000028000001294", 0x2e}], 0x1}, 0x0) sendmsg$kcm(r0, &(0x7f00000031c0)={&(0x7f00000006c0)=@l2tp6={0xa, 0x0, 0x9, @ipv4={'\x00', '\xff\xff', @multicast2}, 0x3c, 0xfffffffc}, 0x80, 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="200000002900000002000000bf0c4ee5998d5a8a126d8775b8be4d563e000000ac00000014010b00d30000007aa4fcf2c87c62da58c4e47f98c696e8a96f6265401ce945b29428921ab99d7933b2412be73779bfd93796a33bda0d2ab37d2224bc96f4e2d2309bfc869ebb2fd704159e293d1696d693294fb4e431649032d9d26384f5d0086ada48949b71e189f9237755ef768cc57922b82f350a2953358ee43107ea57ea8283dbcd91db7501005d045de990a64bf966c52fbf31e731d4d8ec3e98c3097b38d8750f000000"], 0xcc}, 0x0) 4.780950504s ago: executing program 2 (id=2679): r0 = bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) socket$nl_route(0x10, 0x3, 0x0) syz_genetlink_get_family_id$mptcp(0x0, 0xffffffffffffffff) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000005840)={0x0, 0x0, 0x0}, 0x0) r2 = dup(r1) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r3 = syz_open_dev$sndmidi(&(0x7f0000000100), 0x2, 0x141101) r4 = dup(r3) write$6lowpan_enable(r4, &(0x7f0000000000)='0', 0xfffffd2c) r5 = openat$urandom(0xffffff9c, 0x0, 0x90000, 0x0) ioctl$RNDGETENTCNT(r5, 0x80045200, &(0x7f0000000140)) r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000400)=ANY=[@ANYRES16=r0, @ANYBLOB="6f7226841ec469381bb86661aeaf3d6343e8326bc213a91a5a929d44a8414b3595995c5bdc4cb7f0761c7675e1eacb304211243e771e096bf4afaf65b991348e07e8901db1db8b9fef5bdf78d424698ff50015cad764097e6245e0f02154b2afa391", @ANYBLOB], 0x50) bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000300)={r6, 0x0, 0x0}, 0x20) write$6lowpan_enable(r2, &(0x7f0000000000)='0', 0xfffffd2c) ioctl$TIOCSTI(0xffffffffffffffff, 0x5412, 0x0) r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1c, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000000)='oom_score_adj_update\x00', r7}, 0x10) r8 = syz_open_procfs(0x0, &(0x7f0000000040)='oom_score_adj\x00') writev(r8, &(0x7f00000002c0)=[{&(0x7f0000000280)='0', 0x1}], 0x1) r9 = syz_io_uring_setup(0x64a, &(0x7f0000000740)={0x0, 0x1c29, 0x10100}, &(0x7f0000000180)=0x0, &(0x7f00000001c0)=0x0) syz_io_uring_submit(r10, r11, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd=r1, 0x0, 0x0, 0x0, {}, 0x1}) io_uring_enter(r9, 0x2ded, 0x4000, 0x0, 0x0, 0x0) bind$alg(0xffffffffffffffff, &(0x7f0000000040)={0x26, 'aead\x00', 0x0, 0x0, 'morus1280\x00'}, 0x58) r12 = syz_init_net_socket$nfc_llcp(0x27, 0x1, 0x1) bind$bt_hci(r12, &(0x7f0000000000)={0x27}, 0x62) listen(r12, 0x0) 4.459529568s ago: executing program 3 (id=2680): r0 = socket$kcm(0xa, 0x3, 0x3a) r1 = socket$kcm(0x10, 0x2, 0x0) sendmsg$inet(0xffffffffffffffff, &(0x7f0000000d40)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000a40)=ANY=[@ANYRESDEC=r0, @ANYRES32, @ANYBLOB="ac1414aa00000000000000001400000000000018000000000200000000000000000000001c000000000000000000000008000000", @ANYRES32=0x0, @ANYBLOB="7f0000017f00000a0000000800"/28, @ANYRES32, @ANYBLOB="7f000001ac141400000000011c0e0000000000000000000007006fc946f1f569c01801"], 0x230}, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001cc0)={0x11, 0x3, &(0x7f0000000580)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f00000003c0)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r2 = socket$kcm(0x10, 0x3, 0x10) sendmsg$kcm(r2, &(0x7f0000000000)={0x0, 0xffffff0a, &(0x7f0000000080)=[{&(0x7f0000000040)="c018030033000b12d25a80648c2594f90124fc60100c03400f000000053582c137153e370248078000f01700d1bd", 0x33fe0}], 0x1}, 0x0) syz_open_dev$vbi(&(0x7f0000000000), 0x0, 0x2) socket$inet_tcp(0x2, 0x1, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f0000000300)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41100, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37, @void, @value}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r3 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r3, 0x2, &(0x7f0000000040)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r3, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r6 = syz_io_uring_setup(0x10d, &(0x7f0000000140)={0x0, 0x5885}, &(0x7f0000000340)=0x0, &(0x7f0000000280)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r7, 0x4, &(0x7f0000000080)=0xfffffffd, 0x0, 0x4) syz_io_uring_submit(r7, r8, &(0x7f00000002c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x4004, @fd_index=0x3, 0x0, 0x0}) r9 = openat$apparmor_thread_current(0xffffff9c, &(0x7f0000000000), 0x2, 0x0) write$apparmor_current(r9, 0x0, 0xff) io_uring_enter(r6, 0x3516, 0xe0ff, 0x0, 0x0, 0x0) openat$sndtimer(0xffffff9c, &(0x7f0000000040), 0x4001) sendmsg$kcm(r1, &(0x7f0000000600)={0x0, 0x600, &(0x7f0000000840)=[{&(0x7f0000000080)="2e00000010008188e6b62aa73772cc9f1ba1f848480000005e140602000000000e000a000f000000028000001294", 0x2e}], 0x1}, 0x0) sendmsg$kcm(r0, &(0x7f00000031c0)={&(0x7f00000006c0)=@l2tp6={0xa, 0x0, 0x9, @ipv4={'\x00', '\xff\xff', @multicast2}, 0x3c, 0xfffffffc}, 0x80, 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="200000002900000002000000bf0c4ee5998d5a8a126d8775b8be4d563e000000ac00000014010b00d30000007aa4fcf2c87c62da58c4e47f98c696e8a96f6265401ce945b29428921ab99d7933b2412be73779bfd93796a33bda0d2ab37d2224bc96f4e2d2309bfc869ebb2fd704159e293d1696d693294fb4e431649032d9d26384f5d0086ada48949b71e189f9237755ef768cc57922b82f350a2953358ee43107ea57ea8283dbcd91db7501005d045de990a64bf966c52fbf31e731d4d8ec3e98c3097b38d8750f000000"], 0xcc}, 0x0) 4.400218826s ago: executing program 1 (id=2681): bpf$PROG_LOAD(0x5, 0x0, 0x0) socket(0x400000000010, 0x3, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000380)) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={0x0}, 0x1, 0x0, 0x0, 0x20004015}, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000300)=ANY=[@ANYBLOB="4c0000001800010800000000000000850a60000000000000050000001400050020", @ANYRES32=r0], 0x4c}}, 0x0) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, 0x0) sendmsg$nl_route(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)=ANY=[@ANYBLOB="480000001000000200", @ANYRES32=0x0, @ANYBLOB, @ANYRES32, @ANYBLOB], 0x48}}, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, 0x0, 0x0) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(0xffffffffffffffff, 0xc0189372, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) r3 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) r4 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x6, 0x1c, &(0x7f0000000d80)=@ringbuf={{0x18, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, {{0x18, 0x1, 0x1, 0x1800, r4}, {}, {}, {0x85, 0x0, 0x0, 0x5}, {0x4, 0x1, 0xb, 0x9, 0xa}}, {{0x5, 0x0, 0x3}}, [@snprintf={{0x5, 0x0, 0xb, 0x9, 0x0, 0x2, 0x2}, {0x3, 0x2, 0x3, 0xa, 0x9, 0xfe00}, {0x5, 0x0, 0xb, 0x9, 0x0, 0x0, 0x4}, {0x3, 0x0, 0x6, 0xa, 0x9, 0xfe04, 0xe1}, {0x7, 0x1, 0xb, 0x7, 0x8}, {0x7, 0x0, 0x0, 0x8}, {0x7, 0x1, 0xb, 0x4, 0xa, 0x20}, {}, {}, {0x18, 0x2, 0x2, 0x0, r3}, {}, {0x46, 0x8, 0xfff0, 0x76}}], {{0x7, 0x1, 0xb, 0x8}, {0x6, 0x0, 0x5, 0x8}, {0x85, 0x0, 0x0, 0x7}}}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) 3.952441114s ago: executing program 0 (id=2682): ioctl$EXT4_IOC_MOVE_EXT(0xffffffffffffffff, 0xc028660f, &(0x7f0000000140)={0x0, 0xffffffffffffffff, 0x4, 0x2c00000000000000, 0xb, 0x6a}) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x800, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000140)=[@text32={0x20, &(0x7f0000000180)="3e0f01c9b006ee0f01c40f009b27000000b9800000c00f3235008000000f30b80e0000000f23d80f21f835800000a00f23f8c9b9330300000f60b932c00a000000328fe858b660002fb90d090000b800680000ba000000000f30", 0x5a}], 0x15555555555556b5, 0x20, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 3.876739118s ago: executing program 2 (id=2683): bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1400000007"], 0x50) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x46, &(0x7f0000000000)=0x46, 0x4) r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) socket$nl_generic(0x10, 0x3, 0x10) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r2 = dup(r1) write$6lowpan_enable(r2, &(0x7f0000000000)='0', 0xfffffd2c) r3 = syz_io_uring_setup(0x239, &(0x7f0000000380)={0x0, 0x1ffffe, 0x10100, 0x3, 0x4, 0x0, r2}, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFCONF(r6, 0x8912, &(0x7f00000005c0)) r7 = socket$inet_smc(0x2b, 0x1, 0x0) setsockopt$inet_tcp_TLS_TX(r7, 0x6, 0x1, &(0x7f0000000000)=@ccm_128={{}, "ad25dda89a2d6247", "a2d292ffdfbb62a9a753a534ebf222dc", "975c82f5", "56eb855e20aa8db9"}, 0x28) setsockopt$inet_tcp_int(r7, 0x6, 0x3, &(0x7f00000001c0), 0x4) syz_io_uring_submit(r4, r5, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd_index=0x4, 0x0, 0x0, 0x0, {0x230}}) io_uring_enter(r3, 0x2ded, 0x4000, 0x0, 0x0, 0x0) r8 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$KVM_SET_SREGS(0xffffffffffffffff, 0x4138ae84, &(0x7f0000000040)={{0x10000, 0xffff1000, 0xd, 0x6, 0x1, 0xa, 0xdb, 0x4, 0x0, 0x8, 0x5a}, {0x0, 0x8080000, 0xd, 0x6, 0x3, 0x82, 0x8, 0x3e, 0x6, 0x0, 0xf, 0x8}, {0x8080000, 0x4, 0x10, 0x5b, 0xff, 0x3, 0x1, 0xfe, 0xa1, 0x1, 0x2b, 0x5}, {0x10000, 0xdddd1000, 0x0, 0x7, 0x6, 0x3, 0x3, 0x9, 0x3, 0x7f, 0x0, 0x6}, {0xeeef0000, 0x5000, 0x3, 0xfb, 0xaa, 0x1, 0x71, 0x0, 0x6, 0x8, 0x14, 0x1}, {0x3000, 0x0, 0x9, 0x1, 0xf6, 0xb, 0x2, 0x2d, 0x2, 0xfc, 0xde, 0x2}, {0xf000, 0xeeef5000, 0xe, 0xe, 0x2, 0x4, 0x7, 0x0, 0x4, 0xa0, 0x6, 0x8}, {0x6000, 0x8080000, 0x0, 0x5, 0x3, 0xff, 0x2, 0x0, 0x2, 0x7, 0xe6, 0x8}, {0x2, 0xaa6d}, {0x6000, 0x1}, 0x80000000, 0x0, 0x8080000, 0x566085, 0x8, 0x2801, 0xeeef0000, [0x0, 0x3, 0x80000000, 0x9]}) r9 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r9, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000100)=ANY=[@ANYBLOB="2000000044000701fcffffff00000000017c00000c0002"], 0x20}, 0x1, 0x0, 0x0, 0x488c0}, 0xc000) sendmsg$nl_generic(r8, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000200)=ANY=[@ANYBLOB="14000000745870"], 0xd}}, 0x0) pipe(&(0x7f0000000000)) r10 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_NEWLINK(r10, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="38000000031401002abd7080fedbdf250900020073797a3100000000080041007278650014003300767863616e31000000000000008cae594e4ddd5cac56001f00"], 0x38}, 0x1, 0x0, 0x0, 0x20000800}, 0x20000000) bind$bt_hci(r0, &(0x7f0000000100)={0x1f, 0xffff, 0x3}, 0x6) write$binfmt_misc(r0, &(0x7f0000000000), 0xd) syz_open_dev$sndpcmp(&(0x7f0000000500), 0x0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) 3.54420585s ago: executing program 3 (id=2685): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000001800ff0f0000000000000000850000006d000000850000000800000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000002500)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000010000000900010073797a300000000080000000090a010400000000000000000100000008000a40000000000900020073797a32000000000900010073797a30000000000800054000000021440011800a0001006d617463680000003400028008000240000000001c0003006f56053021e3db5e31a40955c600d35da9e6ac400166db480a0001"], 0xc8}}, 0x0) r2 = openat$cuse(0xffffff9c, &(0x7f0000000100), 0x2, 0x0) write$FUSE_INIT(r2, &(0x7f0000000380)={0x50, 0x0, 0x0, {0x7, 0x29, 0x1, 0x2902120a, 0x0, 0x0, 0x900, 0x0, 0x0, 0x0, 0x0, 0x6}}, 0x50) ptrace(0x10, 0x0) ptrace$getregset(0x4205, 0x0, 0x202, &(0x7f0000000240)={&(0x7f0000000180)=""/120, 0xffffffffffffff28}) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000140)='qrtr_ns_message\x00', r0}, 0x18) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpu.stat\x00', 0x275a, 0x0) write$UHID_INPUT(r3, 0x0, 0x0) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x10012, r3, 0x0) ioctl$SNDCTL_DSP_SYNC(r3, 0x5001, 0x0) faccessat(0xffffffffffffffff, 0x0, 0x2) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000400)='./cgroup/syz0\x00', 0x1ff) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) r5 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000040)={'geneve1\x00', 0x0}) setsockopt$packet_int(r5, 0x107, 0x0, &(0x7f0000000180)=0x2, 0x4) sendto$packet(r5, &(0x7f00000000c0)="3f03fe7fd877140006001e0089e9", 0xe, 0x4008010, &(0x7f0000000540)={0xc9, 0x86dd, r6, 0x1, 0x0, 0x6, @remote}, 0x14) r7 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r8 = openat$cgroup_ro(r7, &(0x7f0000000080)='cgroup.kill\x00', 0x275a, 0x0) write$cgroup_subtree(r8, &(0x7f00000000c0)=ANY=[@ANYBLOB='-'], 0x44) sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x2) timer_create(0x3, 0x0, &(0x7f0000044000)=0x0) r10 = open(&(0x7f00009e1000)='./file0\x00', 0x48141, 0x8) fcntl$setlease(r10, 0x400, 0x1) fcntl$getflags(r10, 0x11) timer_settime(r9, 0x236bd4336e4642df, &(0x7f0000000300)={{0x0, 0x1}, {0x0, 0xe4c}}, 0x0) timer_gettime(r9, &(0x7f00000000c0)) 3.412969674s ago: executing program 0 (id=2686): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) getsockopt$inet_int(0xffffffffffffffff, 0x10d, 0xb8, &(0x7f0000000140), &(0x7f00000000c0)=0x4) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000180)={0x38, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe}, 0x0) r2 = socket(0x10, 0x80002, 0x0) sendmsg$nl_route(r2, 0x0, 0x8000) recvmmsg$unix(r2, &(0x7f0000002380)=[{{0x0, 0x0, &(0x7f0000001340)=[{0x0}], 0x1}}], 0x1, 0x0, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x600, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r4, 0xae60) r5 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000018c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)=@bridge_delneigh={0x24, 0x1e, 0x1, 0x0, 0x0, {0x7}, [@NDA_DST_IPV4={0x8, 0x2, @loopback}]}, 0x24}}, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000400)={0x1ff, 0x1, 0x0, 0x1000, &(0x7f0000001000/0x1000)=nil}) r6 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$KVM_SET_VAPIC_ADDR(r6, 0x4008ae93, &(0x7f0000000040)=0x4) ioctl$KVM_RUN(r6, 0xae80, 0x0) ioctl$KVM_SET_LAPIC(r6, 0x4400ae8f, &(0x7f0000000440)={"db4c1421593cb4d3f8fe6094dc821bbbe06520701fc6de7b0349f34b0f8c556a9e9aff1355aab8d6da26d74608530f150f127f9e3f0a2f1fff0be9774c95d6c007c91903f78616596487bf50017c56b15385ab264cba5b168c62d971e67e6f3e73d60b5a8adbaaf2af8610c6a91c0a116f619adce4aa91d5a68faf8ee98693d32d8d8244381b5720ef596600e39491d216c22d0725904bab7d90fa8afb8fa04b707410aa300ef098609b4fa6dd77b1b7c321b1fc6356564ce3f90826be3a9a5be186ffc48eb13824e9dae77ed212a0f802074ff4f1725c4ad88cf5bbd36e3406bc59d96e82047631d8be9462ee7e54e5b2897c3fff38eabf67e1e160c2b5e18be06457844d89c9a606b7d25fbde713f4759da0bee1fabe3f71dcca63540f113a2b5edc4b327d1f9610377b97265d4aa875b4bc3c44bf8110d5df1beb1fe54794a0aa52dfc80df1caf7d812b4f1cdba1a6836b45ea2180d08439d411ce8e0755868cc839eaeac73e5d28f9f1990584038cf5fa6bee0c4095a27cc8c7b59519bf2a9bf1fedf54cc2dc6aea6c42c32de40c291e5f422f5c7792a08926af160fb379576dd81bac746232fb246817fc3248097914b75e83cc5eb518ce8fb643b34ca69c3b61f0d94e7db62dd480198d41e0862f1ec4429ab637569884a5ba446a0b09edfd986a2b3e15ee35bbd18610dad6271681ed240b0ffab9199b541013c0aadc36484da57511896c14776a41602aa1426edfbb828897d9c218b7936a0572840ebbc796e888a439b24e640324b511deb6ed0b2ce2f7567447826944b4f34101e492e8d20a2deda950e96e78f86d6d4c976f0c99041c94944309e6ce08d84a7c96677d570d9a57ec0506a4321d9e049b55be883ca3648c27772fc5dbaea5e6c2ded2ce72fb68989ae381fe1394cf6966ab04285d5ff8256bc2e85462b8d89aeeebd5432157c945b5dc1960d9282c6cc007fe029325d6078aef94d4954f956c71bcdf846f41392ebe0d3b289438d24ec4bc073617459a6b232445dd636a9f21140e14b162fd5ef1d626b0ff84884fd63d22cc1b05befb77ea937f3045cc15b125479b262c1e32fca75a5468423288c5776efee744b1fccb5e6d661d9d287cfa8582c96ea34a33c1bbc29c0035657da66a87150bbb885be5ee123e431fd793ea179a0fc77aaee66d874c0616cb32324826b36d0e27d14217ad1131cace3bae4ef82dfbc790e78de53a9bfbdb468bf0eb3ff134073b380858965de2d108862daf3fc6b49ad46f20832238aeaa5d010cf08e37938f0bb7bbeaa970c39ce9327a16fe07565708266ce9ef639bfa08538693b456228aa1c370d64ef9795b7cc208a2c528d381a042d149ed5c7f34ed26a7d5a4401b86434f054389e5dac7a4ee896e406d7b27240d925d478e0eb2202797832d3e2c74f4925ad58377b0d6ae9b97034f94"}) ioctl$KVM_RUN(r6, 0xae80, 0x0) ioctl$KVM_RUN(r6, 0xae80, 0x0) r7 = openat$audio(0xffffffffffffff9c, &(0x7f0000000140), 0x40000000040201, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r7, &(0x7f0000000500)={0xa00, 0x18, 0xfa00, {0x100000000000000, 0x0}}, 0xfc36) ioctl$SNDCTL_DSP_SUBDIVIDE(r7, 0xc0045009, &(0x7f0000000240)=0x4) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x6, 0x3, &(0x7f0000000300)=ANY=[@ANYBLOB="1800ad0000050000000000040000000000a60000000000000020eccbecebe95548dc232a1133784df7722b25afd1a30b572d5f881ce7a633c3999ff46c85988e268cb2d9d50a63a62973a4ddfbb23fe437de5e189e30a23032fa2bd87d54e1ae3f29ce37df0ed773219c9838c71859fe748baa3094d84c54a130a341ae9b53e639"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffc, @void, @value}, 0x94) r8 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x6, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r8, 0x5, 0xb68, 0xfffffffffffffd2e, &(0x7f0000000000)='e', 0x0, 0xd01, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x4}, 0x48) 2.965187324s ago: executing program 1 (id=2687): socketpair$unix(0x1, 0x3, 0x0, 0x0) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0) getsockopt$inet_int(0xffffffffffffffff, 0x10d, 0xb8, &(0x7f0000000140), &(0x7f00000000c0)=0x4) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000180)={0x38, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe}, 0x0) r0 = socket(0x10, 0x80002, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)=ANY=[@ANYBLOB="1c0000005e00679a3601ffc4910700004f78d4c1a0731cccff"], 0x1c}}, 0x8000) recvmmsg$unix(r0, &(0x7f0000002380)=[{{0x0, 0x4000000, &(0x7f0000001340)=[{&(0x7f00000002c0)=""/4096, 0xecc}], 0x1}}], 0x8, 0x0, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x600, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f00000018c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)=@bridge_delneigh={0x24, 0x1e, 0x1, 0x0, 0x0, {0x7}, [@NDA_DST_IPV4={0x8, 0x2, @loopback}]}, 0x24}}, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x1ff, 0x1, 0x0, 0x1000, &(0x7f0000001000/0x1000)=nil}) r4 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_VAPIC_ADDR(r4, 0x4008ae93, &(0x7f0000000040)=0x4) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_SET_LAPIC(r4, 0x4400ae8f, &(0x7f0000000440)={"db4c1421593cb4d3f8fe6094dc821bbbe06520701fc6de7b0349f34b0f8c556a9e9aff1355aab8d6da26d74608530f150f127f9e3f0a2f1fff0be9774c95d6c007c91903f78616596487bf50017c56b15385ab264cba5b168c62d971e67e6f3e73d60b5a8adbaaf2af8610c6a91c0a116f619adce4aa91d5a68faf8ee98693d32d8d8244381b5720ef596600e39491d216c22d0725904bab7d90fa8afb8fa04b707410aa300ef098609b4fa6dd77b1b7c321b1fc6356564ce3f90826be3a9a5be186ffc48eb13824e9dae77ed212a0f802074ff4f1725c4ad88cf5bbd36e3406bc59d96e82047631d8be9462ee7e54e5b2897c3fff38eabf67e1e160c2b5e18be06457844d89c9a606b7d25fbde713f4759da0bee1fabe3f71dcca63540f113a2b5edc4b327d1f9610377b97265d4aa875b4bc3c44bf8110d5df1beb1fe54794a0aa52dfc80df1caf7d812b4f1cdba1a6836b45ea2180d08439d411ce8e0755868cc839eaeac73e5d28f9f1990584038cf5fa6bee0c4095a27cc8c7b59519bf2a9bf1fedf54cc2dc6aea6c42c32de40c291e5f422f5c7792a08926af160fb379576dd81bac746232fb246817fc3248097914b75e83cc5eb518ce8fb643b34ca69c3b61f0d94e7db62dd480198d41e0862f1ec4429ab637569884a5ba446a0b09edfd986a2b3e15ee35bbd18610dad6271681ed240b0ffab9199b541013c0aadc36484da57511896c14776a41602aa1426edfbb828897d9c218b7936a0572840ebbc796e888a439b24e640324b511deb6ed0b2ce2f7567447826944b4f34101e492e8d20a2deda950e96e78f86d6d4c976f0c99041c94944309e6ce08d84a7c96677d570d9a57ec0506a4321d9e049b55be883ca3648c27772fc5dbaea5e6c2ded2ce72fb68989ae381fe1394cf6966ab04285d5ff8256bc2e85462b8d89aeeebd5432157c945b5dc1960d9282c6cc007fe029325d6078aef94d4954f956c71bcdf846f41392ebe0d3b289438d24ec4bc073617459a6b232445dd636a9f21140e14b162fd5ef1d626b0ff84884fd63d22cc1b05befb77ea937f3045cc15b125479b262c1e32fca75a5468423288c5776efee744b1fccb5e6d661d9d287cfa8582c96ea34a33c1bbc29c0035657da66a87150bbb885be5ee123e431fd793ea179a0fc77aaee66d874c0616cb32324826b36d0e27d14217ad1131cace3bae4ef82dfbc790e78de53a9bfbdb468bf0eb3ff134073b380858965de2d108862daf3fc6b49ad46f20832238aeaa5d010cf08e37938f0bb7bbeaa970c39ce9327a16fe07565708266ce9ef639bfa08538693b456228aa1c370d64ef9795b7cc208a2c528d381a042d149ed5c7f34ed26a7d5a4401b86434f054389e5dac7a4ee896e406d7b27240d925d478e0eb2202797832d3e2c74f4925ad58377b0d6ae9b97034f94"}) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) r5 = openat$audio(0xffffffffffffff9c, &(0x7f0000000140), 0x40000000040201, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r5, &(0x7f0000000500)={0xa00, 0x18, 0xfa00, {0x100000000000000, 0x0}}, 0xfc36) ioctl$SNDCTL_DSP_SUBDIVIDE(r5, 0xc0045009, &(0x7f0000000240)=0x4) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x6, 0x3, &(0x7f0000000300)=ANY=[@ANYBLOB="1800ad0000050000000000040000000000a60000000000000020eccbecebe95548dc232a1133784df7722b25afd1a30b572d5f881ce7a633c3999ff46c85988e268cb2d9d50a63a62973a4ddfbb23fe437de5e189e30a23032fa2bd87d54e1ae3f29ce37df0ed773219c9838c71859fe748baa3094d84c54a130a341ae9b53e639"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffc, @void, @value}, 0x94) r6 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x6, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r6, 0x5, 0xb68, 0xfffffffffffffd2e, &(0x7f0000000000)='e', 0x0, 0xd01, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x4}, 0x48) 2.639290233s ago: executing program 3 (id=2688): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000001800ff0f0000000000000000850000006d000000850000000800000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000002500)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000010000000900010073797a300000000080000000090a010400000000000000000100000008000a40000000000900020073797a32000000000900010073797a30000000000800054000000021440011800a0001006d617463680000003400028008000240000000001c0003006f56053021e3db5e31a40955c600d35da9e6ac400166db480a0001"], 0xc8}}, 0x0) r2 = openat$cuse(0xffffff9c, &(0x7f0000000100), 0x2, 0x0) write$FUSE_INIT(r2, &(0x7f0000000380)={0x50, 0x0, 0x0, {0x7, 0x29, 0x1, 0x2902120a, 0x0, 0x0, 0x900, 0x0, 0x0, 0x0, 0x0, 0x6}}, 0x50) ptrace(0x10, 0x0) ptrace$getregset(0x4205, 0x0, 0x202, &(0x7f0000000240)={&(0x7f0000000180)=""/120, 0xffffffffffffff28}) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000140)='qrtr_ns_message\x00', r0}, 0x18) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpu.stat\x00', 0x275a, 0x0) write$UHID_INPUT(r3, &(0x7f00000016c0)={0x8, {"85f080a4933d55266e07e799aa0cc421388242df2a3c6b631b65b1c061edd2aa108c3528fe9b0bb3a53ab1200f5d01a68a4acdec8fee09648222f908c1fedc3000342e6139de28366c13509306d00ebcc67497181ac916db98af9d366b76e427d9ab5bb68095f0fb246df32b8af0783653136f8a04c03690312125c7ded6a24fda8685340c575ead69519e3583f89d467ec232d6a1ffd0463ba4ea3cbae5dae6654b5547b5458f02ac307729e57b09e134f68be44f88d72517b230b066f6315b5fb80206397bbff8cbc2a36e01c2e7b3aadb32bd3dd5288a69a991d9c674717e3abba7167280b2db3b1b8502afa4f3f296c532510c9d2dd79bb5eeb25adb5edddbdd069c09d14d15c2e7e1e2bd6c108fab3591bb22e97d6992236d2273c8bb95536f7118d007965008b125c7daac2814e6bbe1adbfa3572ad0b7ad5c26c8014118d8374ca9f285779dfee7715a403908146a74de61b3853914c89f444c12e7a38bdd46c4ed36eb806ea598f44d1dec9eff9e2476f43802211f0762b66673b45d236b2391ce322e30fb9c69fe0d514dc1f8b6e3979c1205fd52a44fec4f6f1a6f65158bb6911c295bf2dd7dea107f59d7e03c61fe5822292e45968956b931bdc4d6445ff1631e0b98e4b4448774dd4b9cd53a45896fdb3f03702778741ae2b45a25bf9a23fc02fb97a630f132bf9def6c6d4a7baeb62972f1a814f6f2377bcfc78e2e86368c138510a04cedf7175af8c2034fae7413e3ace8c71ab9a0af1ca7042011a6ed028e205648535dabf3b2f85196ae18d36b839e3cd54ae4933ad529888fdac7bb8a70c72bc0fc81ba06506f2d5bc7686e219bbe5283959cbef9950e071cb6d9f341fc624a5110341f26cebd7100599a06e61f66fae120c7fc2b34c6221200eba75bd1277114671a3fa8f058b27fd897b052f4a52afcea814df526181c75c4497210a2b8b74e26601561e78735387cf123654b0295d1d60556956b36d96dd038866c4b4db31ebdcddd4829bbc2850cd4901389e6ea6e86041e0efa1158f334e7afda0e11c2971f29d9364cb95659f506d5c7e63fb67c8116577d15e4a4b1fc4c27de2e52586cb1f52be9c3601f5066549de8bdc3ec07d1a84caf1961323ec2487a37b751aeabafcd647ce2dae5d9499c0f969467e6cabad198669ac96bd1488954eff0854ee0c83d7b596d273625bdb16270782321071fda5d980ded78ffa9dc2b56037d7cbf942547f48a5131f1991f6c17ae1ed5120ca6878f98e68e7997a9a2b70be640a70a34adb80de286c6692abb5f092e4e3a15a83217e03d02a4054f34af3a65ff6b36f395b76a0579cffafd5d3bb0e704c935caecf3a7ab756c23fd60c9fe3f4fb2be7504f5bae22b116ff1588dcf02b327d31bf0488dba8af5b33ccf2d7d87f43bbc48fcd4f191ad6af9313ad38b8b29674bfabd6651bc1f6ce5abb4a2f1413194f96b26d7d6edc4e013fba549075c97eef508af5ca7873664b058b7bcf455a8a04b591d29fab6366c844bb75576bac2d52323e747303d00a5736c9812922b0e17bcec9135550736b54cf6407d61e22e62d7bb75f62935b665acf33e75f688c36ef416f1b890d0f0c8ad1df00e02ec45967834d5649c8e7143978622fa3704672970b7993a87e97d07000000000000008b8c9e6f83e29572608d24b42c2635ef4abbd0af83860e99c90d7471cf6e8ce99507f5ec2bc572212fa9ee3f5a9dfa3815fe55f0bbb119acce062ae37f2ff921707abba139bccdf42bfd174d29b540161b4113c4e1a13f3a628c638ec4d3a884dfbc093e23ec0d0671b46b41dc8b42d950c8615ba5ee87f49b5d0910ffa4871207995001920db05a95199967f097ba7b55bbd271d818690c4238406b40a3dfc42fa56a67173b53a96b543326c56738b6d043195934018696f5ab49347e5148a78f2d1369a71afab8330273d46ecfba4ee05802a5385649851db949dbfb39e290941641c50b1ac20fb3102754a760b097f464ddb0b83f8168badfa71db6621dcf22fb081e3403f3bac5c7e65905aca52885c807f8ddab18bb2f12ef952c50483c0e251968bc70ff0d42a638ca744dea4c7ebb4fea777cf663bb4f1505ed79730c45bc86e488a13f924377a8e2ee6670a02ca52874ae1c42a35d55b9765757047b2cc3742aa51fa3e43fb2c113c92ad213bad252c1a82966dd016f12a7f1c3900c0f1ab455035163f31899bdd30f3ff43ad17d9e45bb7438c1c986712736f24be14f71ab1bfe92a25ec07f086ee8c7971b8077a13e58a8e8bea39c8e06b251909f02cb0080abf020f27ca160eb26c082dda1fa54ea4094dfdbcb2fa7bddccb67a844e807df4cc08dad35757006d051e183dced336bc0c2502f93ffc87dca622286ba174c24e1f53f27dc2777baafe170348b0e8d3e743b3aa906bc0764bbe7da08ff403efe2212627d672250658bb513b7312517d1f88c61c7ba5f9647cd619281c5b390b48606ee39fb4171103df2e09d7cfdb0c06c721f7c24ad8cce383623fc2dcb15ac56438ea331820ae59c8c474e36fc73f7b1b3b86df1b42490815513681a03007e871b4b9686efae6c45ecfca60a640a6f071dfd31f9437c3d03086164b48c1ed802986864bfe0d49bdd7709662262368dbc3ecc05eb240ecc41904c76d78ab5c52b66af5a720fdd6a92f52be0676427a56e32e5bc5085b25f90add28a76f2fce6f8f0ef74f4659698549646bd63175adf77b5cdcfe676e1b1a9af15102946554ba6136cbc83c6268ee40318f3c9d4718025688b35d2265bf60bf889ff629f7834586ef46eab7a9176337536bb6001e676546b987f36b1fe4b9f6e46a8ce73eb22f3bb9c14d8e2b43ea77ef887e5a26448f4086fa819a25e27725ac10298851c8bc45f2ce4430b07917ade5ea8c434c3f2576effbeb521173736e5c9557450643068b0c0fb132a7e99de6ca292246a9937fa7d7e06e59cf59ce5b9f842629049931146af40a8a1256ba373a88d09dc00cdf4453cc6ba78572bf3e1f2352a978cdbad60220cb8ac37d7f614a306492a4b5eee9244b0ca84b6cf2e23013bfb1cb92bf6d126fe550e58c19f84e7a4081437b75b31b2b9fb658dcd8ba077962e0f3359721a148d4fefe5c97941ca9688cb85adf38fd10f5811cdd8e074a21bbfc9541c71465b08d7321281b68ed52bfab789b9c83849c09d52376d419b1e7ba367603236e119cdf4a7b7cf9d81f2229601deace53cea2f14a05f7fa0ca04b39e31c6453e332f4bd0915c0e09e28f4d1125c390c6ff0833a04b6fc37855e65de90333e505b9eb66e00686a3ed499cfb7b8b215dbdc9787b5baa724cfa71ee6745b41e203de8b7c5567540b951b50530c3d4ee34705ea1c66fd6591e88561083e86d48c45ef3b83a3029319d8f3d8e65ce14c1dc3cb92d0a7dbeb609a8d2793928caa079f0fbbb2bc90b9f058cc048f4032041d14c5bca00e99b3027ec3a50c4957199cf016a4594069af8659df0973f20ffb15dbc265ac5b8a2203e90b114a3e9441e357c60ce0b550a7fe66fc34f5702ac8e8992a22e89194c1df69e81a9b7ad3d2634ea8c0388588192fd47d8e803b10044d558617fb2921b69eb4d85c051f86ef63a2f4382b9becd870fb2ecadca6902712b88680792e2f2ec89591cfebb6db3ad31c2a339af10465fcf7988519d382218df52261234f26a6f66ad0d1859de505d0fe819caf2f8d30aa9fd1228ac91d11ca67f1f8d50c8eefa5c441514321507dff6c6ea3cff6f340a1c11e0c40f419e8e60fc94d8828fa47a96cdf7ee4f61e23f40751b25cf9ca1295041a350f83f0e679515d6b4b46e2c9ce8999e07f835abc1663cefcf728df37831f4e17f8c8a4feaf1fbf44c38c9313284404a50ba4cf8abe835b33bfecb02cd6c9d7f435853b4c8d505ab83cf46070039116694765658bae64b3127152d216055aef9b25c70a8a3b302752d7b1e8791c657b9f3fc9001ef299fd1a349491ae6ee9940149160507fc4130fb825d47d97dc2c243209d2403583ac3ef6ddbedcaa76432255487c0a06e59e043e572ab3aec002af6a6b6a2dc9cfaeefa70557886c4d12924a0388f2f1bc8e89e4cfa69705d1ef3c4658f8616278b588011d9dd914beec0b151d65b6524fba3e3f235d58373e021699b07622a51504eade747e0b2f9cf38bc167cabc8cb18c708d1337e25648707e8c0872876514c7a49c0b2aaee5ed9e9ecfcbcc23e032c4deb63e48e7120188056468fad31448e4b42e7d62fbcfc1c2cfb01fcf0db5e8a162bdb9bd820c763f17b96c23f32db9d1c1d74ddbe657b4f9595a9796982a0742153111b15e484d8ffebe47ce0a78a41e470a341616ec2eb6eef813fb415fab50fa965bec6a5977a0ade4fed67f86fc24e11b0e2f5364079f7c7c35b560cac726dbc80f29dbd248f7ecda0286a23ef172a28c96d9bdb1f598eab31c6baf0321312da23920c074b9d2d2e442717f2c21001142a39c2da6b8bd9d06b05a6a8deae1bd1be4108a636ddbebc682d113e715f2f3ee506abc28b1c654b3d2d28e02f73b171ed0deed71dda90ce4a0b728cc75cb576385e7418b545b992b1dd98e2ee53355f464f9250a2a03b3d1e4d2ac1aa71d01de2573530324e14d15a507883411ddbd37be21dc929db9b11f11010e4d2a04c7325a5ae6d24d19900ff97a8a89438f8676457a78cff05201528f4358fe67f61288bf042a8f3c2e0f8b4997b8fb74996b80d465489b2d7807a945eba72a945e8cf8625dbad6f6f6e30537b29e558ca8a8b0625f578c766d34f2d28d704715f94df1f6318a308042aa494baa295640679f1eab1e6a8308af8ce6441d5ad8a2f3d477eb5307af0dfae6644493f1434030b8361621340ad3dcefa6d8f090ed3929d89ad9c0ba01a6903033428dd8f98619304b1803187d2a6130bf1e009b5eb0e7e21c75594b3b8470f3106c92a9e55bfeb026091ced127a90a1f1247f3c07e36d3572923e0de3f73518d0369a25fcd4e65d243b7eab91063a7bfd8bc8ac9e39fbbb32b5c949ca930e7a18eacd8dbfda9b91db693cb12e42cba5988280e09e51e72b91a0f360656d8f21cc1eb3248ac345ad51d1a6172b18419277851dab01e028c7e8e2cf34095efd28267852a08fccf61c45b5e46930160daf50282be058274e7ff58c48b60b86d0c8cc886ab8778a2a2b5fa2557ad7bf7f01f2175523ce758871d334c20a9839f7a89fe2867c06289c8a2f6456ac7e4fbadee53ac41aee68214bc76669853baa4f58255b39ba581414f2e8c4b49303f8936a33bae5cbc96b29a5c724d5b50e1614144c2acd03bd90de891c3d36ce040d57543682ecbfcae66c4153c337c3a5d01896524c8e0c27e9a08919821ca27bbfe3fc9ba24a823aeec8d4ad8ef8a65c585bee4dcf1acaa3da501a8c11a23b2e22920c1ad0129a038b31fe16c2abc80589dbf7c37211afc5d1a6db908bc5fe8a692060069fcbcdcba7c523d3c424aa3b0c6556387e0e51bcde9e5f850abf62d2c2101c3a2786a0cb94932877a09cb6b64aa61da8cab3b423e7adc4bc700418a65e87225710e1691f6d9cb2eb63cce5b605ce0a4a89cf519767e00845397c5e381141a0ed8a89b01064b495ec8d1e2da37433bf1597d919a69610d2ad26bdf6fca8de422bb2cb80d0516206e8194ee51445a3dcb5dee33c0c310b4751e68e58bebda2fb586985a5a5b06456756f44e6dbfef4bb99ca732f00fb9ea35775f7419681bfbe6f43dc7c4650c13b63d93c1d490bf0173f287a4309531f13ecb1a775d0bd881a00", 0x1000}}, 0x1006) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x10012, r3, 0x0) ioctl$SNDCTL_DSP_SYNC(r3, 0x5001, 0x0) faccessat(0xffffffffffffffff, 0x0, 0x2) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000400)='./cgroup/syz0\x00', 0x1ff) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) r5 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000040)={'geneve1\x00', 0x0}) setsockopt$packet_int(r5, 0x107, 0x0, &(0x7f0000000180)=0x2, 0x4) sendto$packet(r5, &(0x7f00000000c0)="3f03fe7fd877140006001e0089e9", 0xe, 0x4008010, &(0x7f0000000540)={0xc9, 0x86dd, r6, 0x1, 0x0, 0x6, @remote}, 0x14) r7 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r8 = openat$cgroup_ro(r7, &(0x7f0000000080)='cgroup.kill\x00', 0x275a, 0x0) write$cgroup_subtree(r8, &(0x7f00000000c0)=ANY=[@ANYBLOB], 0x44) sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x2) timer_create(0x3, 0x0, &(0x7f0000044000)=0x0) r10 = open(&(0x7f00009e1000)='./file0\x00', 0x48141, 0x8) fcntl$setlease(r10, 0x400, 0x1) fcntl$getflags(r10, 0x11) timer_settime(r9, 0x236bd4336e4642df, &(0x7f0000000300)={{0x0, 0x1}, {0x0, 0xe4c}}, 0x0) timer_gettime(r9, &(0x7f00000000c0)) 2.576656473s ago: executing program 2 (id=2689): prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) r0 = syz_usb_connect$hid(0x2, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000000018105e04da070000000000010902240001000000000904000009030000000921000000012222"], 0x0) timer_create(0x0, &(0x7f0000000080)={0x0, 0x11, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000000)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) syz_usb_ep_write(r0, 0x81, 0x0, 0x0) lchown(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) 2.408941123s ago: executing program 0 (id=2690): r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) mount$9p_fd(0x0, 0x0, &(0x7f0000000080), 0x400, &(0x7f0000000a40)=ANY=[@ANYRESDEC=r0, @ANYRES16]) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x8c) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x6, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0xb}}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0) syz_usb_control_io(0xffffffffffffffff, &(0x7f0000000640)={0x18, &(0x7f0000000400)={0x40, 0x7, 0xb1, {0xb1, 0x21, "582185b1e19b7d4c16282cc3e6e19b797a56e65a0ce076e2fe4328deb6755c58d82d5dd18e0eb59d5e1ad2625a3b5f9ad8820ed37c042fb4f9ebadce56bf5aa89f3ecf2fbe5c50932a5fe08534dc08f25630c5b688f4aa3e3745340044d17d6ebabfe9495472b5f7093e7bf4d354bd38ee7192533c3be489fd9d5ccd43102a1e2df380a008e75f12872e0f554eb5341b5fdc6ece426a8b136bfc68878d765109ba23e683a148672e17058f213c3e6d"}}, &(0x7f00000004c0)={0x0, 0x3, 0x2, @string={0x2}}, &(0x7f00000001c0)={0x0, 0xf, 0x19, {0x5, 0xf, 0x19, 0x3, [@ext_cap={0x7, 0x10, 0x2, 0x2, 0x6, 0x4, 0x3}, @ptm_cap={0x3}, @ss_cap={0xa, 0x10, 0x3, 0x2, 0x4, 0x2, 0x6, 0x9}]}}, &(0x7f0000000300)={0x20, 0x29, 0xf, {0xf, 0x29, 0x6, 0x0, 0xc4, 0xf6, "71593ff1", "6a191c68"}}, &(0x7f0000000600)={0x20, 0x2a, 0xc, {0xc, 0x2a, 0x7, 0x1, 0xe, 0x0, 0x8, 0x607, 0xa}}}, &(0x7f0000000b40)={0x44, &(0x7f0000000680)={0x20, 0x16, 0x82, "9b194ce5673dc3ca4c4be834f467512ecad2963198e89cb4c860032fdb87958128f34ed75d7b048078f6e5d7ef056da722ac2d5c56c2b4731a46f17c69a9cd1435bf6eadfe76888bee73e95644076a036391f6b66f0310fc5a6e0d74c4a2d4591de2138fcf6788cdefc589adf452523edf05a903ad2174128ecd16e2207ada198c10"}, &(0x7f0000000740)={0x0, 0xa, 0x1, 0x7}, &(0x7f0000000780)={0x0, 0x8, 0x1, 0x9}, &(0x7f00000007c0)={0x20, 0x0, 0x4, {0x1, 0x3}}, &(0x7f0000000800)={0x20, 0x0, 0x8, {0x1, 0x20, [0xff00]}}, &(0x7f0000000840)={0x40, 0x7, 0x2, 0x3}, &(0x7f0000000880)={0x40, 0x9, 0x1, 0xd}, &(0x7f00000008c0)={0x40, 0xb, 0x2, "6e84"}, &(0x7f0000000900)={0x40, 0xf, 0x2, 0x3}, &(0x7f0000000940)={0x40, 0x13, 0x6, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x17}}, &(0x7f0000000980)={0x40, 0x17, 0x6, @local}, &(0x7f00000009c0)={0x40, 0x19, 0x2, "a481"}, &(0x7f0000000a00)={0x40, 0x1a, 0x2, 0xa68b}, &(0x7f0000000a80)={0x40, 0x1c, 0x1, 0xb}, &(0x7f0000000ac0)={0x40, 0x1e, 0x1, 0x6}, &(0x7f0000000b00)={0x40, 0x21, 0x1, 0x9c}}) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r2, 0x0, 0x0, 0x2, 0x0) fanotify_init(0x4c, 0x0) connect$inet(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10) openat$rfkill(0xffffffffffffff9c, &(0x7f0000000100), 0x6ad01, 0x0) syz_open_procfs(0x0, 0x0) ioctl$SOUND_OLD_MIXER_INFO(0xffffffffffffffff, 0x80304d65, &(0x7f0000000280)) shutdown(0xffffffffffffffff, 0x1) mount$overlay(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000200), 0xd4, &(0x7f0000000180)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@workdir={'workdir', 0x3d, './file0'}}], [], 0x2c}) sendmsg$RDMA_NLDEV_CMD_NEWLINK(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=ANY=[@ANYBLOB="38000000031401002abd7000fedbdf250900020073017a31000000000800410072786500140033006c6f"], 0x38}, 0x1, 0x0, 0x0, 0x44}, 0x810) socket$inet6(0xa, 0x2, 0x6) syz_usb_connect(0x3, 0x36, &(0x7f00000000c0)=ANY=[@ANYBLOB="120100008010bd40820514009dbb0000000109022400011b00000009040000022a3e740009058bff7f0000100109050b362f"], 0x0) close(0xffffffffffffffff) syz_open_dev$midi(&(0x7f0000000000), 0x3, 0x88c02) 2.377440917s ago: executing program 3 (id=2691): syz_init_net_socket$x25(0x9, 0x5, 0x0) getsockopt$EBT_SO_GET_INFO(0xffffffffffffffff, 0x0, 0x80, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r1 = dup(r0) write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd74) syz_io_uring_setup(0x497, &(0x7f00000001c0)={0x0, 0x7079, 0x0, 0x14, 0x28b, 0x0, r1}, &(0x7f0000000140), &(0x7f0000000280)) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl802154(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL802154_CMD_GET_SEC_DEVKEY(r3, 0x0, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000180)={'wlan1\x00', 0x0}) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0xf0, &(0x7f0000000100)={&(0x7f0000000280)=@newlink={0x20, 0x10, 0x401, 0x0, 0x0, {0x0, 0x48, 0x0, r4, 0x21eae}}, 0x20}}, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r5 = socket$nl_route(0x10, 0x3, 0x0) r6 = socket$nl_route(0x10, 0x3, 0x0) r7 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000040)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r6, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000005c0)=@newqdisc={0x3c, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r8, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_cake={{0x9}, {0xc, 0x2, [@TCA_CAKE_WASH={0x8, 0xd, 0x1}]}}]}, 0x3c}}, 0x0) r9 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r9, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000080)={0x58, 0x2, 0x6, 0x201, 0x0, 0x0, {}, [@IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_TIMEOUT={0x8, 0x6, 0x1, 0x0, 0x3}]}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_TYPENAME={0x13, 0x3, 'hash:net,iface\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_REVISION={0x5, 0x4, 0x3}]}, 0x58}, 0x1, 0x0, 0x0, 0x24000000}, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r9, 0x8933, &(0x7f0000000140)={'batadv_slave_1\x00'}) r10 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cgroup.events\x00', 0x26e1, 0x0) close(r10) r11 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) syz_emit_ethernet(0x7e, &(0x7f0000000540)={@local, @random="ca8d6f7ea8db", @void, {@llc={0x4, {@snap={0x0, 0xaa, "4689", "6ab047", 0x11, "7616565c399f45ee77d05bbf98c6c92c919031c4ec4a82f14243ded16a4ad2982abffd03261a6b73bec121b14daa9bb220cc84e79c8f979abe3db208c3c9ccd7267f02079c25a279efdc053663420c8f51fa62512547a4353bb0ac05013c0ed7f91e702e21ac33"}}}}}, 0x0) recvmsg(r11, &(0x7f0000000500)={0x0, 0x0, 0x0}, 0x0) ioctl$SIOCSIFHWADDR(r10, 0x8b06, &(0x7f0000000000)={'wlan1\x00', @random="060000000010"}) sendmsg$nl_route(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="300000001000010000003a194618000000008553", @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\b\x00\n\x00', @ANYRES32=0x0, @ANYBLOB="08001b"], 0x30}}, 0x0) 1.931059571s ago: executing program 1 (id=2692): r0 = socket$kcm(0xa, 0x3, 0x3a) r1 = socket$kcm(0x10, 0x2, 0x0) sendmsg$inet(0xffffffffffffffff, &(0x7f0000000d40)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000a40)=ANY=[@ANYRESDEC=r0, @ANYRES32=0xffffffffffffffff, @ANYBLOB="ac1414aa00000000000000001400000000000018000000000200000000000000000000001c000000000000000000000008000000", @ANYRES32=0x0, @ANYBLOB="7f0000017f00000a0000000800"/28, @ANYRES32, @ANYBLOB="7f000001ac141400000000011c0e0000000000000000000007006fc946f1f569c01801"], 0x230}, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001cc0)={0x11, 0x3, &(0x7f0000000580)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f00000003c0)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r3 = socket$kcm(0x10, 0x3, 0x10) sendmsg$kcm(r3, &(0x7f0000000000)={0x0, 0xffffff0a, &(0x7f0000000080)=[{&(0x7f0000000040)="c018030033000b12d25a80648c2594f90124fc60100c03400f000000053582c137153e370248078000f01700d1bd", 0x33fe0}], 0x1}, 0x0) syz_open_dev$vbi(&(0x7f0000000000), 0x0, 0x2) socket$inet_tcp(0x2, 0x1, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f0000000300)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41100, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37, @void, @value}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r4 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r4, 0x2, &(0x7f0000000040)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r5, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r6, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r4, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r7 = syz_io_uring_setup(0x10d, &(0x7f0000000140)={0x0, 0x5885}, &(0x7f0000000340)=0x0, &(0x7f0000000280)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r8, 0x4, &(0x7f0000000080)=0xfffffffd, 0x0, 0x4) syz_io_uring_submit(r8, r9, &(0x7f00000002c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x4004, @fd_index=0x3, 0x0, 0x0}) r10 = openat$apparmor_thread_current(0xffffff9c, &(0x7f0000000000), 0x2, 0x0) write$apparmor_current(r10, &(0x7f000001aa80)=ANY=[@ANYRES16=r2], 0xff) io_uring_enter(r7, 0x3516, 0xe0ff, 0x0, 0x0, 0x0) openat$sndtimer(0xffffff9c, &(0x7f0000000040), 0x4001) sendmsg$kcm(r1, 0x0, 0x0) sendmsg$kcm(r0, &(0x7f00000031c0)={&(0x7f00000006c0)=@l2tp6={0xa, 0x0, 0x9, @ipv4={'\x00', '\xff\xff', @multicast2}, 0x3c, 0xfffffffc}, 0x80, 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="200000002900000002000000bf0c4ee5998d5a8a126d8775b8be4d563e000000ac00000014010b00d30000007aa4fcf2c87c62da58c4e47f98c696e8a96f6265401ce945b29428921ab99d7933b2412be73779bfd93796a33bda0d2ab37d2224bc96f4e2d2309bfc869ebb2fd704159e293d1696d693294fb4e431649032d9d26384f5d0086ada48949b71e189f9237755ef768cc57922b82f350a2953358ee43107ea57ea8283dbcd91db7501005d045de990a64bf966c52fbf31e731d4d8ec3e98c3097b38d8750f000000"], 0xcc}, 0x0) 1.829541234s ago: executing program 2 (id=2693): r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) mount$9p_fd(0x0, 0x0, &(0x7f0000000080), 0x400, &(0x7f0000000a40)=ANY=[@ANYRESDEC=r0, @ANYRES16]) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x8c) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x6, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0xb}}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0) syz_usb_control_io(0xffffffffffffffff, &(0x7f0000000640)={0x18, &(0x7f0000000400)={0x40, 0x7, 0xb1, {0xb1, 0x21, "582185b1e19b7d4c16282cc3e6e19b797a56e65a0ce076e2fe4328deb6755c58d82d5dd18e0eb59d5e1ad2625a3b5f9ad8820ed37c042fb4f9ebadce56bf5aa89f3ecf2fbe5c50932a5fe08534dc08f25630c5b688f4aa3e3745340044d17d6ebabfe9495472b5f7093e7bf4d354bd38ee7192533c3be489fd9d5ccd43102a1e2df380a008e75f12872e0f554eb5341b5fdc6ece426a8b136bfc68878d765109ba23e683a148672e17058f213c3e6d"}}, &(0x7f00000004c0)={0x0, 0x3, 0x2, @string={0x2}}, &(0x7f00000001c0)={0x0, 0xf, 0x19, {0x5, 0xf, 0x19, 0x3, [@ext_cap={0x7, 0x10, 0x2, 0x2, 0x6, 0x4, 0x3}, @ptm_cap={0x3}, @ss_cap={0xa, 0x10, 0x3, 0x2, 0x4, 0x2, 0x6, 0x9}]}}, &(0x7f0000000300)={0x20, 0x29, 0xf, {0xf, 0x29, 0x6, 0x0, 0xc4, 0xf6, "71593ff1", "6a191c68"}}, &(0x7f0000000600)={0x20, 0x2a, 0xc, {0xc, 0x2a, 0x7, 0x1, 0xe, 0x0, 0x8, 0x607, 0xa}}}, &(0x7f0000000b40)={0x44, &(0x7f0000000680)={0x20, 0x16, 0x82, "9b194ce5673dc3ca4c4be834f467512ecad2963198e89cb4c860032fdb87958128f34ed75d7b048078f6e5d7ef056da722ac2d5c56c2b4731a46f17c69a9cd1435bf6eadfe76888bee73e95644076a036391f6b66f0310fc5a6e0d74c4a2d4591de2138fcf6788cdefc589adf452523edf05a903ad2174128ecd16e2207ada198c10"}, &(0x7f0000000740)={0x0, 0xa, 0x1, 0x7}, &(0x7f0000000780)={0x0, 0x8, 0x1, 0x9}, &(0x7f00000007c0)={0x20, 0x0, 0x4, {0x1, 0x3}}, &(0x7f0000000800)={0x20, 0x0, 0x8, {0x1, 0x20, [0xff00]}}, &(0x7f0000000840)={0x40, 0x7, 0x2, 0x3}, &(0x7f0000000880)={0x40, 0x9, 0x1, 0xd}, &(0x7f00000008c0)={0x40, 0xb, 0x2, "6e84"}, &(0x7f0000000900)={0x40, 0xf, 0x2, 0x3}, &(0x7f0000000940)={0x40, 0x13, 0x6, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x17}}, &(0x7f0000000980)={0x40, 0x17, 0x6, @local}, &(0x7f00000009c0)={0x40, 0x19, 0x2, "a481"}, &(0x7f0000000a00)={0x40, 0x1a, 0x2, 0xa68b}, &(0x7f0000000a80)={0x40, 0x1c, 0x1, 0xb}, &(0x7f0000000ac0)={0x40, 0x1e, 0x1, 0x6}, &(0x7f0000000b00)={0x40, 0x21, 0x1, 0x9c}}) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) fanotify_init(0x4c, 0x0) connect$inet(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10) openat$rfkill(0xffffffffffffff9c, &(0x7f0000000100), 0x6ad01, 0x0) r4 = syz_open_procfs(0x0, 0x0) mount$9p_fd(0x0, &(0x7f0000000100)='.\x00', &(0x7f0000000040), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r4}, 0x2c, {'wfdno', 0x3d, r4}}) ioctl$SOUND_OLD_MIXER_INFO(0xffffffffffffffff, 0x80304d65, &(0x7f0000000280)) shutdown(0xffffffffffffffff, 0x1) mount$overlay(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000200), 0xd4, &(0x7f0000000180)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@workdir={'workdir', 0x3d, './file0'}}], [], 0x2c}) sendmsg$RDMA_NLDEV_CMD_NEWLINK(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=ANY=[@ANYBLOB="38000000031401002abd7000fedbdf250900020073017a3100000000080041007278650014003300"], 0x38}, 0x1, 0x0, 0x0, 0x44}, 0x810) socket$inet6(0xa, 0x2, 0x6) syz_usb_connect(0x3, 0x36, &(0x7f00000000c0)=ANY=[@ANYBLOB="120100008010bd40820514009dbb0000000109022400011b00000009040000022a3e740009058bff7f0000100109050b362f"], 0x0) close(0xffffffffffffffff) syz_open_dev$midi(&(0x7f0000000000), 0x3, 0x88c02) 1.475106294s ago: executing program 3 (id=2694): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, 0x0, 0x0) r2 = socket(0x10, 0x80002, 0x0) sendmsg$nl_route(r2, 0x0, 0x8000) recvmmsg$unix(r2, 0x0, 0x0, 0x0, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x600, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r4, 0xae60) r5 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000018c0)={0x0, 0x0, 0x0}, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000400)={0x1ff, 0x1, 0x0, 0x1000, &(0x7f0000001000/0x1000)=nil}) r6 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$KVM_SET_VAPIC_ADDR(r6, 0x4008ae93, &(0x7f0000000040)=0x4) ioctl$KVM_RUN(r6, 0xae80, 0x0) ioctl$KVM_SET_LAPIC(r6, 0x4400ae8f, 0x0) ioctl$KVM_RUN(r6, 0xae80, 0x0) ioctl$KVM_RUN(r6, 0xae80, 0x0) r7 = openat$audio(0xffffffffffffff9c, &(0x7f0000000140), 0x40000000040201, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r7, &(0x7f0000000500)={0xa00, 0x18, 0xfa00, {0x100000000000000, 0x0}}, 0xfc36) ioctl$SNDCTL_DSP_SUBDIVIDE(r7, 0xc0045009, &(0x7f0000000240)=0x4) ioctl$SECCOMP_IOCTL_NOTIF_SEND(0xffffffffffffffff, 0xc0182101, &(0x7f0000000280)={0x0, 0x1, 0x7}) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x6, 0x3, &(0x7f0000000300)=ANY=[@ANYBLOB="1800ad0000050000000000040000000000a60000000000000020eccbecebe95548dc232a1133784df7722b25afd1a30b572d5f881ce7a633c3999ff46c85988e268cb2d9d50a63a62973a4ddfbb23fe437de5e189e30a23032fa2bd87d54e1ae3f29ce37df0ed773219c9838c71859fe748baa3094d84c54a130a341ae9b53e639"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffc, @void, @value}, 0x94) 1.034518039s ago: executing program 1 (id=2695): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, 0x0, 0x0) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) getsockopt$inet_int(0xffffffffffffffff, 0x10d, 0xb8, &(0x7f0000000140), &(0x7f00000000c0)=0x4) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000180)={0x38, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe}, 0x0) r2 = socket(0x10, 0x80002, 0x0) sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)=ANY=[@ANYBLOB="1c0000005e00679a3601ffc4910700004f78d4c1a0731cccff"], 0x1c}}, 0x8000) recvmmsg$unix(r2, &(0x7f0000002380)=[{{0x0, 0x4000000, &(0x7f0000001340)=[{&(0x7f00000002c0)=""/4096, 0xecc}], 0x1}}], 0x8, 0x0, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x600, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r4, 0xae60) r5 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000018c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)=@bridge_delneigh={0x24, 0x1e, 0x1, 0x0, 0x0, {0x7}, [@NDA_DST_IPV4={0x8, 0x2, @loopback}]}, 0x24}}, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000400)={0x1ff, 0x1, 0x0, 0x1000, &(0x7f0000001000/0x1000)=nil}) r6 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$KVM_SET_VAPIC_ADDR(r6, 0x4008ae93, &(0x7f0000000040)=0x4) ioctl$KVM_RUN(r6, 0xae80, 0x0) ioctl$KVM_SET_LAPIC(r6, 0x4400ae8f, &(0x7f0000000440)={"db4c1421593cb4d3f8fe6094dc821bbbe06520701fc6de7b0349f34b0f8c556a9e9aff1355aab8d6da26d74608530f150f127f9e3f0a2f1fff0be9774c95d6c007c91903f78616596487bf50017c56b15385ab264cba5b168c62d971e67e6f3e73d60b5a8adbaaf2af8610c6a91c0a116f619adce4aa91d5a68faf8ee98693d32d8d8244381b5720ef596600e39491d216c22d0725904bab7d90fa8afb8fa04b707410aa300ef098609b4fa6dd77b1b7c321b1fc6356564ce3f90826be3a9a5be186ffc48eb13824e9dae77ed212a0f802074ff4f1725c4ad88cf5bbd36e3406bc59d96e82047631d8be9462ee7e54e5b2897c3fff38eabf67e1e160c2b5e18be06457844d89c9a606b7d25fbde713f4759da0bee1fabe3f71dcca63540f113a2b5edc4b327d1f9610377b97265d4aa875b4bc3c44bf8110d5df1beb1fe54794a0aa52dfc80df1caf7d812b4f1cdba1a6836b45ea2180d08439d411ce8e0755868cc839eaeac73e5d28f9f1990584038cf5fa6bee0c4095a27cc8c7b59519bf2a9bf1fedf54cc2dc6aea6c42c32de40c291e5f422f5c7792a08926af160fb379576dd81bac746232fb246817fc3248097914b75e83cc5eb518ce8fb643b34ca69c3b61f0d94e7db62dd480198d41e0862f1ec4429ab637569884a5ba446a0b09edfd986a2b3e15ee35bbd18610dad6271681ed240b0ffab9199b541013c0aadc36484da57511896c14776a41602aa1426edfbb828897d9c218b7936a0572840ebbc796e888a439b24e640324b511deb6ed0b2ce2f7567447826944b4f34101e492e8d20a2deda950e96e78f86d6d4c976f0c99041c94944309e6ce08d84a7c96677d570d9a57ec0506a4321d9e049b55be883ca3648c27772fc5dbaea5e6c2ded2ce72fb68989ae381fe1394cf6966ab04285d5ff8256bc2e85462b8d89aeeebd5432157c945b5dc1960d9282c6cc007fe029325d6078aef94d4954f956c71bcdf846f41392ebe0d3b289438d24ec4bc073617459a6b232445dd636a9f21140e14b162fd5ef1d626b0ff84884fd63d22cc1b05befb77ea937f3045cc15b125479b262c1e32fca75a5468423288c5776efee744b1fccb5e6d661d9d287cfa8582c96ea34a33c1bbc29c0035657da66a87150bbb885be5ee123e431fd793ea179a0fc77aaee66d874c0616cb32324826b36d0e27d14217ad1131cace3bae4ef82dfbc790e78de53a9bfbdb468bf0eb3ff134073b380858965de2d108862daf3fc6b49ad46f20832238aeaa5d010cf08e37938f0bb7bbeaa970c39ce9327a16fe07565708266ce9ef639bfa08538693b456228aa1c370d64ef9795b7cc208a2c528d381a042d149ed5c7f34ed26a7d5a4401b86434f054389e5dac7a4ee896e406d7b27240d925d478e0eb2202797832d3e2c74f4925ad58377b0d6ae9b97034f94"}) ioctl$KVM_RUN(r6, 0xae80, 0x0) ioctl$KVM_RUN(r6, 0xae80, 0x0) r7 = openat$audio(0xffffffffffffff9c, &(0x7f0000000140), 0x40000000040201, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r7, &(0x7f0000000500)={0xa00, 0x18, 0xfa00, {0x100000000000000, 0x0}}, 0xfc36) ioctl$SNDCTL_DSP_SUBDIVIDE(r7, 0xc0045009, &(0x7f0000000240)=0x4) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x6, 0x3, &(0x7f0000000300)=ANY=[@ANYBLOB="1800ad0000050000000000040000000000a60000000000000020eccbecebe95548dc232a1133784df7722b25afd1a30b572d5f881ce7a633c3999ff46c85988e268cb2d9d50a63a62973a4ddfbb23fe437de5e189e30a23032fa2bd87d54e1ae3f29ce37df0ed773219c9838c71859fe748baa3094d84c54a130a341ae9b53e639"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffc, @void, @value}, 0x94) r8 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x6, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r8, 0x5, 0xb68, 0xfffffffffffffd2e, &(0x7f0000000000)='e', 0x0, 0xd01, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x4}, 0x48) 512.012943ms ago: executing program 3 (id=2696): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) getsockopt$inet_int(0xffffffffffffffff, 0x10d, 0xb8, &(0x7f0000000140), &(0x7f00000000c0)=0x4) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = socket(0x10, 0x80002, 0x0) sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)=ANY=[@ANYBLOB="1c0000005e00679a3601ffc4910700004f78d4c1a0731cccff"], 0x1c}}, 0x8000) recvmmsg$unix(r2, &(0x7f0000002380)=[{{0x0, 0x0, &(0x7f0000001340)}}], 0x1, 0x0, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x600, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r4, 0xae60) r5 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000018c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)=@bridge_delneigh={0x24, 0x1e, 0x1, 0x0, 0x0, {0x7}, [@NDA_DST_IPV4={0x8, 0x2, @loopback}]}, 0x24}}, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000400)={0x1ff, 0x1, 0x0, 0x1000, &(0x7f0000001000/0x1000)=nil}) r6 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$KVM_SET_VAPIC_ADDR(r6, 0x4008ae93, &(0x7f0000000040)=0x4) ioctl$KVM_RUN(r6, 0xae80, 0x0) ioctl$KVM_SET_LAPIC(r6, 0x4400ae8f, &(0x7f0000000440)={"db4c1421593cb4d3f8fe6094dc821bbbe06520701fc6de7b0349f34b0f8c556a9e9aff1355aab8d6da26d74608530f150f127f9e3f0a2f1fff0be9774c95d6c007c91903f78616596487bf50017c56b15385ab264cba5b168c62d971e67e6f3e73d60b5a8adbaaf2af8610c6a91c0a116f619adce4aa91d5a68faf8ee98693d32d8d8244381b5720ef596600e39491d216c22d0725904bab7d90fa8afb8fa04b707410aa300ef098609b4fa6dd77b1b7c321b1fc6356564ce3f90826be3a9a5be186ffc48eb13824e9dae77ed212a0f802074ff4f1725c4ad88cf5bbd36e3406bc59d96e82047631d8be9462ee7e54e5b2897c3fff38eabf67e1e160c2b5e18be06457844d89c9a606b7d25fbde713f4759da0bee1fabe3f71dcca63540f113a2b5edc4b327d1f9610377b97265d4aa875b4bc3c44bf8110d5df1beb1fe54794a0aa52dfc80df1caf7d812b4f1cdba1a6836b45ea2180d08439d411ce8e0755868cc839eaeac73e5d28f9f1990584038cf5fa6bee0c4095a27cc8c7b59519bf2a9bf1fedf54cc2dc6aea6c42c32de40c291e5f422f5c7792a08926af160fb379576dd81bac746232fb246817fc3248097914b75e83cc5eb518ce8fb643b34ca69c3b61f0d94e7db62dd480198d41e0862f1ec4429ab637569884a5ba446a0b09edfd986a2b3e15ee35bbd18610dad6271681ed240b0ffab9199b541013c0aadc36484da57511896c14776a41602aa1426edfbb828897d9c218b7936a0572840ebbc796e888a439b24e640324b511deb6ed0b2ce2f7567447826944b4f34101e492e8d20a2deda950e96e78f86d6d4c976f0c99041c94944309e6ce08d84a7c96677d570d9a57ec0506a4321d9e049b55be883ca3648c27772fc5dbaea5e6c2ded2ce72fb68989ae381fe1394cf6966ab04285d5ff8256bc2e85462b8d89aeeebd5432157c945b5dc1960d9282c6cc007fe029325d6078aef94d4954f956c71bcdf846f41392ebe0d3b289438d24ec4bc073617459a6b232445dd636a9f21140e14b162fd5ef1d626b0ff84884fd63d22cc1b05befb77ea937f3045cc15b125479b262c1e32fca75a5468423288c5776efee744b1fccb5e6d661d9d287cfa8582c96ea34a33c1bbc29c0035657da66a87150bbb885be5ee123e431fd793ea179a0fc77aaee66d874c0616cb32324826b36d0e27d14217ad1131cace3bae4ef82dfbc790e78de53a9bfbdb468bf0eb3ff134073b380858965de2d108862daf3fc6b49ad46f20832238aeaa5d010cf08e37938f0bb7bbeaa970c39ce9327a16fe07565708266ce9ef639bfa08538693b456228aa1c370d64ef9795b7cc208a2c528d381a042d149ed5c7f34ed26a7d5a4401b86434f054389e5dac7a4ee896e406d7b27240d925d478e0eb2202797832d3e2c74f4925ad58377b0d6ae9b97034f94"}) ioctl$KVM_RUN(r6, 0xae80, 0x0) ioctl$KVM_RUN(r6, 0xae80, 0x0) 0s ago: executing program 1 (id=2697): r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000040)={'wlan1\x00', 0x0}) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff) sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r2, @ANYBLOB="010000000008000000000800000008000300", @ANYRES32=r1], 0x1c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) kernel console output (not intermixed with test programs): requested lapic timer restore with starting count register 0x390=3070988179 (3070988179 ns) > initial count (1876204212 ns). Using initial count to start timer. [ 471.660116][ T29] usb 5-1: new high-speed USB device number 38 using dummy_hcd [ 471.811983][ T29] usb 5-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 471.816572][ T29] usb 5-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 471.820901][ T29] usb 5-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 471.824687][ T29] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 471.831150][T14552] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 471.836893][ T29] usb 5-1: Quirk or no altset; falling back to MIDI 1.0 [ 472.372597][T14563] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 472.374728][T14563] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 472.376777][T14563] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 472.412635][T14566] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2167'. [ 472.550210][T14572] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2169'. [ 472.803140][T14575] sp7: Synchronizing with TNC [ 472.970112][ T6011] usb 6-1: new high-speed USB device number 32 using dummy_hcd [ 473.121588][ T6011] usb 6-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 473.125094][ T6011] usb 6-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 473.128172][ T6011] usb 6-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 473.131097][ T6011] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 473.136117][T14576] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22 [ 473.140844][ T6011] usb 6-1: Quirk or no altset; falling back to MIDI 1.0 [ 473.650175][ T5951] Bluetooth: hci0: command 0x0406 tx timeout [ 474.065732][ T29] usb 5-1: USB disconnect, device number 38 [ 474.165084][T14595] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3070988179 (3070988179 ns) > initial count (1876204212 ns). Using initial count to start timer. [ 474.440969][ T5951] Bluetooth: hci2: command 0x0406 tx timeout [ 474.440994][ T5950] Bluetooth: hci3: command 0x0405 tx timeout [ 474.868474][T14611] netlink: 'syz.2.2179': attribute type 3 has an invalid length. [ 474.871042][T14611] netlink: 199836 bytes leftover after parsing attributes in process `syz.2.2179'. [ 475.027632][T14613] netlink: 'syz.2.2179': attribute type 10 has an invalid length. [ 475.030141][T14613] mac80211_hwsim hwsim9 wlan1: left allmulticast mode [ 475.034161][T14613] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 475.122078][T14615] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3070988179 (3070988179 ns) > initial count (1876204212 ns). Using initial count to start timer. [ 475.490408][ T29] usb 6-1: USB disconnect, device number 32 [ 475.510144][ T6067] usb 8-1: new full-speed USB device number 46 using dummy_hcd [ 475.652000][ T6067] usb 8-1: device descriptor read/64, error -71 [ 475.900145][ T6067] usb 8-1: new full-speed USB device number 47 using dummy_hcd [ 476.040165][ T6067] usb 8-1: device descriptor read/64, error -71 [ 476.150293][ T6067] usb usb8-port1: attempt power cycle [ 476.490358][ T6067] usb 8-1: new full-speed USB device number 48 using dummy_hcd [ 476.510992][ T6067] usb 8-1: device descriptor read/8, error -71 [ 476.950267][ T6067] usb 8-1: new full-speed USB device number 49 using dummy_hcd [ 476.971153][ T6067] usb 8-1: device descriptor read/8, error -71 [ 476.998750][T14656] netlink: 80 bytes leftover after parsing attributes in process `syz.2.2192'. [ 477.002147][T14656] netlink: 80 bytes leftover after parsing attributes in process `syz.2.2192'. [ 477.036770][ T40] audit: type=1326 audit(1749491382.289:200): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14657 comm="syz.2.2193" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fb3579 code=0x7ffc0000 [ 477.043429][ T40] audit: type=1326 audit(1749491382.289:201): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14657 comm="syz.2.2193" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fb3579 code=0x7ffc0000 [ 477.050970][ T40] audit: type=1326 audit(1749491382.289:202): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14657 comm="syz.2.2193" exe="/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf7fb3579 code=0x7ffc0000 [ 477.058022][ T40] audit: type=1326 audit(1749491382.289:203): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14657 comm="syz.2.2193" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fb3579 code=0x7ffc0000 [ 477.065818][ T6011] usb 6-1: new high-speed USB device number 33 using dummy_hcd [ 477.068696][ T40] audit: type=1326 audit(1749491382.289:204): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14657 comm="syz.2.2193" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fb3579 code=0x7ffc0000 [ 477.076586][ T40] audit: type=1326 audit(1749491382.289:205): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14657 comm="syz.2.2193" exe="/syz-executor" sig=0 arch=40000003 syscall=172 compat=1 ip=0xf7fb3579 code=0x7ffc0000 [ 477.083913][ T40] audit: type=1326 audit(1749491382.289:206): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14657 comm="syz.2.2193" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fb3579 code=0x7ffc0000 [ 477.091247][ T40] audit: type=1326 audit(1749491382.289:207): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14657 comm="syz.2.2193" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fb3579 code=0x7ffc0000 [ 477.091627][ T6067] usb usb8-port1: unable to enumerate USB device [ 477.098502][ T40] audit: type=1326 audit(1749491382.289:208): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14657 comm="syz.2.2193" exe="/syz-executor" sig=0 arch=40000003 syscall=192 compat=1 ip=0xf7fb3579 code=0x7ffc0000 [ 477.107658][ T40] audit: type=1326 audit(1749491382.299:209): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14657 comm="syz.2.2193" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fb3579 code=0x7ffc0000 [ 477.334797][ T6011] usb 6-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 477.338273][ T6011] usb 6-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 477.352509][ T6011] usb 6-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 477.388951][ T6011] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 477.436556][T14647] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22 [ 477.457504][ T6011] usb 6-1: Quirk or no altset; falling back to MIDI 1.0 [ 478.540613][T14686] netlink: 80 bytes leftover after parsing attributes in process `syz.0.2202'. [ 478.543454][T14686] netlink: 80 bytes leftover after parsing attributes in process `syz.0.2202'. [ 478.638066][T14688] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3070988179 (3070988179 ns) > initial count (1876204212 ns). Using initial count to start timer. [ 478.647965][T14690] netlink: 3 bytes leftover after parsing attributes in process `syz.3.2201'. [ 478.668174][T14690] batadv0: entered allmulticast mode [ 479.735208][T14711] 9pnet_fd: Insufficient options for proto=fd [ 479.750960][ T6011] usb 6-1: USB disconnect, device number 33 [ 480.240140][T14727] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3070988179 (3070988179 ns) > initial count (1876204212 ns). Using initial count to start timer. [ 480.250191][ T1457] usb 8-1: new high-speed USB device number 50 using dummy_hcd [ 480.412331][ T1457] usb 8-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 480.419378][ T1457] usb 8-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 480.422616][ T1457] usb 8-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 480.425633][ T1457] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 480.431563][T14710] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 480.435446][ T1457] usb 8-1: Quirk or no altset; falling back to MIDI 1.0 [ 480.560261][ T6011] usb 6-1: new high-speed USB device number 34 using dummy_hcd [ 480.680785][T14752] sctp: [Deprecated]: syz.2.2221 (pid 14752) Use of int in maxseg socket option. [ 480.680785][T14752] Use struct sctp_assoc_value instead [ 480.723107][ T6011] usb 6-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 480.727770][ T6011] usb 6-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 480.731796][ T6011] usb 6-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 480.734992][ T6011] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 480.739733][T14739] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22 [ 480.740450][T14755] netlink: 'syz.2.2222': attribute type 3 has an invalid length. [ 480.744478][T14755] netlink: 199836 bytes leftover after parsing attributes in process `syz.2.2222'. [ 480.744837][ T6011] usb 6-1: Quirk or no altset; falling back to MIDI 1.0 [ 480.952697][T14757] netlink: 'syz.2.2222': attribute type 10 has an invalid length. [ 481.905871][T14775] xt_CT: You must specify a L4 protocol and not use inversions on it [ 481.989803][T14777] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2229'. [ 482.430209][ T6011] usb 8-1: USB disconnect, device number 50 [ 482.464774][T14791] netlink: 'syz.3.2235': attribute type 3 has an invalid length. [ 482.467273][T14791] netlink: 199836 bytes leftover after parsing attributes in process `syz.3.2235'. [ 482.589763][T14789] netlink: 68 bytes leftover after parsing attributes in process `syz.2.2234'. [ 482.592693][T14789] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2234'. [ 482.595542][T14789] netlink: 40 bytes leftover after parsing attributes in process `syz.2.2234'. [ 482.707440][T14793] netlink: 'syz.3.2235': attribute type 10 has an invalid length. [ 482.912073][ T6011] usb 6-1: USB disconnect, device number 34 [ 483.626891][T14807] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3070988179 (3070988179 ns) > initial count (1876204212 ns). Using initial count to start timer. [ 483.721272][T14811] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2240'. [ 484.169999][T14821] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3070988179 (3070988179 ns) > initial count (1876204212 ns). Using initial count to start timer. [ 484.239895][T14825] netlink: 'syz.0.2244': attribute type 2 has an invalid length. [ 484.710246][ T6030] usb 8-1: new full-speed USB device number 51 using dummy_hcd [ 484.866585][ T6030] usb 8-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 484.874698][ T6030] usb 8-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 484.877514][ T6030] usb 8-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00 [ 484.890185][ T6030] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 484.894088][ T6030] usb 8-1: config 0 descriptor?? [ 485.660092][ T29] usb 6-1: new high-speed USB device number 35 using dummy_hcd [ 485.811709][ T29] usb 6-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 485.815772][ T29] usb 6-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 485.819240][ T29] usb 6-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 485.822767][ T29] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 485.828265][T14856] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22 [ 485.833058][ T29] usb 6-1: Quirk or no altset; falling back to MIDI 1.0 [ 486.649653][T14879] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3070988179 (3070988179 ns) > initial count (1876204212 ns). Using initial count to start timer. [ 487.487227][ T6067] usb 8-1: USB disconnect, device number 51 [ 487.700169][ T29] usb 5-1: new full-speed USB device number 39 using dummy_hcd [ 487.728576][T14890] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3070988179 (3070988179 ns) > initial count (1876204212 ns). Using initial count to start timer. [ 487.851770][ T29] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 487.859110][ T29] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 487.866995][ T29] usb 5-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 487.869903][ T29] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 487.874244][ T29] usb 5-1: config 0 descriptor?? [ 488.029696][T14894] netlink: 'syz.2.2261': attribute type 3 has an invalid length. [ 488.032454][T14894] netlink: 199836 bytes leftover after parsing attributes in process `syz.2.2261'. [ 488.037558][ T6030] usb 6-1: USB disconnect, device number 35 [ 488.160286][ T29] usbhid 5-1:0.0: can't add hid device: -71 [ 488.162238][ T29] usbhid 5-1:0.0: probe with driver usbhid failed with error -71 [ 488.165564][ T29] usb 5-1: USB disconnect, device number 39 [ 488.210773][T14897] netlink: 'syz.2.2261': attribute type 10 has an invalid length. [ 488.440732][ T5950] Bluetooth: unknown link type 108 [ 488.442654][ T5950] Bluetooth: hci0: connection err: -111 [ 489.124381][T14914] 9pnet_fd: Insufficient options for proto=fd [ 489.669926][T14925] vxcan1 speed is unknown, defaulting to 1000 [ 489.800109][ T6067] usb 5-1: new full-speed USB device number 40 using dummy_hcd [ 489.951465][ T6067] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 489.955084][ T6067] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 489.959266][ T6067] usb 5-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 489.963230][ T6067] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 489.967195][ T6067] usb 5-1: config 0 descriptor?? [ 490.100250][T14925] lo speed is unknown, defaulting to 1000 [ 490.484073][T14937] netlink: 'syz.1.2275': attribute type 10 has an invalid length. [ 490.574630][ T6067] usbhid 5-1:0.0: can't add hid device: -71 [ 490.576678][ T6067] usbhid 5-1:0.0: probe with driver usbhid failed with error -71 [ 490.580778][ T6067] usb 5-1: USB disconnect, device number 40 [ 490.975986][T14956] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2279'. [ 491.329790][T14965] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3070988179 (3070988179 ns) > initial count (1876204212 ns). Using initial count to start timer. [ 491.803721][T14974] netlink: 68 bytes leftover after parsing attributes in process `syz.1.2284'. [ 491.806737][T14974] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2284'. [ 491.809804][T14974] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2284'. [ 491.813524][T14974] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2284'. [ 491.891160][T14976] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2284'. [ 492.178399][ T5950] Bluetooth: hci2: ACL packet for unknown connection handle 200 [ 492.187077][T14980] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2286'. [ 492.490197][ T29] usb 5-1: new full-speed USB device number 41 using dummy_hcd [ 492.661385][ T29] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 492.664819][ T29] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 492.668818][ T29] usb 5-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 492.671891][ T29] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 492.676670][ T29] usb 5-1: config 0 descriptor?? [ 492.896688][ T29] usbhid 5-1:0.0: can't add hid device: -71 [ 492.898864][ T29] usbhid 5-1:0.0: probe with driver usbhid failed with error -71 [ 492.906986][ T29] usb 5-1: USB disconnect, device number 41 [ 492.980149][ T6011] usb 6-1: new full-speed USB device number 36 using dummy_hcd [ 493.133163][ T6011] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 493.136363][ T6011] usb 6-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 493.141443][ T6011] usb 6-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00 [ 493.154646][ T6011] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 493.158354][ T6011] usb 6-1: config 0 descriptor?? [ 493.166257][ T6011] usbhid 6-1:0.0: couldn't find an input interrupt endpoint [ 493.447789][T15000] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2293'. [ 493.449092][ T55] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 493.497671][ T5951] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 493.501631][ T5951] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 493.505165][ T5951] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 493.508238][ T5951] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 493.514483][ T5951] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 493.539437][ T55] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 493.558758][T15003] vxcan1 speed is unknown, defaulting to 1000 [ 493.623814][ T55] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 493.642376][T15003] lo speed is unknown, defaulting to 1000 [ 493.702435][ T55] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 493.793793][T15010] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3070988179 (3070988179 ns) > initial count (1876204212 ns). Using initial count to start timer. [ 493.871347][T15009] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3070988179 (3070988179 ns) > initial count (1876204212 ns). Using initial count to start timer. [ 494.308029][ T55] bond0 (unregistering): (slave wlan1): Releasing backup interface [ 494.311283][ T55] bond0 (unregistering): Released all slaves [ 494.402741][ T55] bond1 (unregistering): Released all slaves [ 494.417782][ T55] bond2 (unregistering): Released all slaves [ 494.478340][T15003] chnl_net:caif_netlink_parms(): no params data found [ 494.637832][T15003] bridge0: port 1(bridge_slave_0) entered blocking state [ 494.638590][T15026] xt_CT: No such helper "syz1" [ 494.640865][T15003] bridge0: port 1(bridge_slave_0) entered disabled state [ 494.644090][T15003] bridge_slave_0: entered allmulticast mode [ 494.650154][T15003] bridge_slave_0: entered promiscuous mode [ 494.654345][T15003] bridge0: port 2(bridge_slave_1) entered blocking state [ 494.656623][T15003] bridge0: port 2(bridge_slave_1) entered disabled state [ 494.658891][T15003] bridge_slave_1: entered allmulticast mode [ 494.663813][T15003] bridge_slave_1: entered promiscuous mode [ 494.677481][ T40] kauditd_printk_skb: 29 callbacks suppressed [ 494.677492][ T40] audit: type=1326 audit(1749491399.929:239): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15028 comm="syz.3.2298" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f53579 code=0x7ffc0000 [ 494.683140][T15031] netlink: 'syz.0.2299': attribute type 3 has an invalid length. [ 494.690349][ T40] audit: type=1326 audit(1749491399.939:240): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15028 comm="syz.3.2298" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f53579 code=0x7ffc0000 [ 494.690835][T15031] netlink: 199836 bytes leftover after parsing attributes in process `syz.0.2299'. [ 494.703352][ T40] audit: type=1326 audit(1749491399.939:241): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15028 comm="syz.3.2298" exe="/syz-executor" sig=0 arch=40000003 syscall=136 compat=1 ip=0xf7f53579 code=0x7ffc0000 [ 494.711134][ T40] audit: type=1326 audit(1749491399.939:242): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15028 comm="syz.3.2298" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f53579 code=0x7ffc0000 [ 494.732211][ T40] audit: type=1326 audit(1749491399.939:243): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15028 comm="syz.3.2298" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f53579 code=0x7ffc0000 [ 494.740698][ T40] audit: type=1326 audit(1749491399.939:244): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15028 comm="syz.3.2298" exe="/syz-executor" sig=0 arch=40000003 syscall=333 compat=1 ip=0xf7f53579 code=0x7ffc0000 [ 494.748555][ T40] audit: type=1326 audit(1749491399.939:245): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15028 comm="syz.3.2298" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f53579 code=0x7ffc0000 [ 494.756541][ T40] audit: type=1326 audit(1749491399.939:246): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15028 comm="syz.3.2298" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f53579 code=0x7ffc0000 [ 494.765082][ T40] audit: type=1326 audit(1749491399.939:247): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15028 comm="syz.3.2298" exe="/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf7f53579 code=0x7ffc0000 [ 494.771941][ T40] audit: type=1326 audit(1749491399.939:248): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15028 comm="syz.3.2298" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f53579 code=0x7ffc0000 [ 494.819392][T15003] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 494.824301][T15003] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 494.927151][T15042] netlink: 'syz.0.2299': attribute type 10 has an invalid length. [ 494.930627][T15003] team0: Port device team_slave_0 added [ 495.122037][T15003] team0: Port device team_slave_1 added [ 495.161413][T15040] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 495.163503][T15040] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 495.165437][T15040] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 495.167413][T15040] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 495.172946][T15040] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 495.208419][T15003] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 495.211316][T15003] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 495.219333][T15003] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 495.224847][T15003] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 495.226966][T15003] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 495.235356][T15003] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 495.286659][T15003] hsr_slave_0: entered promiscuous mode [ 495.289064][T15003] hsr_slave_1: entered promiscuous mode [ 495.291438][T15003] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 495.293930][T15003] Cannot create hsr debugfs directory [ 495.420203][ T1457] usb 8-1: new high-speed USB device number 52 using dummy_hcd [ 495.438041][ T55] hsr_slave_0: left promiscuous mode [ 495.441468][ T55] hsr_slave_1: left promiscuous mode [ 495.464627][ T55] veth1_macvtap: left promiscuous mode [ 495.466504][ T55] veth0_macvtap: left promiscuous mode [ 495.469531][ T55] veth1_vlan: left promiscuous mode [ 495.509713][ T55] pimreg (unregistering): left allmulticast mode [ 495.616416][ T1457] usb 8-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 495.619573][ T1457] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 495.622228][ T1457] usb 8-1: Product: syz [ 495.623559][ T1457] usb 8-1: Manufacturer: syz [ 495.625048][ T1457] usb 8-1: SerialNumber: syz [ 495.629355][ T1457] usb 8-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 495.654815][ T1457] usb 8-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 495.764033][ T1325] usb 6-1: USB disconnect, device number 36 [ 495.809453][T15053] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 495.813237][T15053] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 495.816455][T15053] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 495.819560][T15053] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 495.825546][T15053] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 495.829215][T15055] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 495.829315][T15053] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 495.832585][T15055] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 495.838635][T15053] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 495.842059][T15053] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 496.150089][ T1325] usb 6-1: new high-speed USB device number 37 using dummy_hcd [ 496.290095][ T1325] usb 6-1: device descriptor read/64, error -71 [ 496.530390][ T1325] usb 6-1: new high-speed USB device number 38 using dummy_hcd [ 496.680231][ T1325] usb 6-1: device descriptor read/64, error -71 [ 496.690267][ T1457] ath9k_htc 8-1:1.0: ath9k_htc: Target is unresponsive [ 496.692839][ T1457] ath9k_htc: Failed to initialize the device [ 496.724086][ T1457] usb 8-1: ath9k_htc: USB layer deinitialized [ 496.790414][ T1325] usb usb6-port1: attempt power cycle [ 497.130127][ T1325] usb 6-1: new high-speed USB device number 39 using dummy_hcd [ 497.151022][ T1325] usb 6-1: device descriptor read/8, error -71 [ 497.240345][ T5951] Bluetooth: hci2: command 0x041b tx timeout [ 497.243742][ T5951] Bluetooth: hci3: command 0x0405 tx timeout [ 497.245748][ T5951] Bluetooth: hci0: command 0x0406 tx timeout [ 497.384054][T15003] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 497.390116][ T1325] usb 6-1: new high-speed USB device number 40 using dummy_hcd [ 497.392892][T15003] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 497.401930][T15003] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 497.409049][T15003] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 497.420725][ T1325] usb 6-1: device descriptor read/8, error -71 [ 497.469705][T15003] 8021q: adding VLAN 0 to HW filter on device bond0 [ 497.481634][T15003] 8021q: adding VLAN 0 to HW filter on device team0 [ 497.486775][ T103] bridge0: port 1(bridge_slave_0) entered blocking state [ 497.489210][ T103] bridge0: port 1(bridge_slave_0) entered forwarding state [ 497.498286][ T55] bridge0: port 2(bridge_slave_1) entered blocking state [ 497.500646][ T55] bridge0: port 2(bridge_slave_1) entered forwarding state [ 497.530384][ T1325] usb usb6-port1: unable to enumerate USB device [ 497.622080][T15003] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 497.647313][T15003] veth0_vlan: entered promiscuous mode [ 497.652617][T15003] veth1_vlan: entered promiscuous mode [ 497.668409][T15003] veth0_macvtap: entered promiscuous mode [ 497.672657][T15003] veth1_macvtap: entered promiscuous mode [ 497.699066][T15003] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 497.729863][T15003] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 497.746709][T15003] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 497.749589][T15003] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 497.753169][ T9] libceph: connect (1)[c::]:6789 error -101 [ 497.753198][T15003] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 497.755178][T15003] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 497.759515][ T9] libceph: mon0 (1)[c::]:6789 connect error [ 497.765689][ T9] libceph: connect (1)[c::]:6789 error -101 [ 497.767970][ T9] libceph: mon0 (1)[c::]:6789 connect error [ 497.832441][ T1136] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 497.832919][ T54] usb 8-1: USB disconnect, device number 52 [ 497.834935][ T1136] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 497.855107][ T81] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 497.857657][ T81] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 498.023920][ T9] libceph: connect (1)[c::]:6789 error -101 [ 498.029043][ T9] libceph: mon0 (1)[c::]:6789 connect error [ 498.141579][T15096] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3070988179 (3070988179 ns) > initial count (1876204212 ns). Using initial count to start timer. [ 498.553094][ T9] libceph: connect (1)[c::]:6789 error -101 [ 498.556413][ T9] libceph: mon0 (1)[c::]:6789 connect error [ 498.577183][T15083] ceph: No mds server is up or the cluster is laggy [ 498.871028][ T5951] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 498.876010][ T5951] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 498.879543][ T5951] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 498.887634][ T5951] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 498.892876][ T5951] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 498.920738][ T46] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 498.944103][T15104] vxcan1 speed is unknown, defaulting to 1000 [ 499.000266][T15108] random: crng reseeded on system resumption [ 499.056016][T15111] 9pnet_fd: Insufficient options for proto=fd [ 499.084937][ T46] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 499.094634][T15104] lo speed is unknown, defaulting to 1000 [ 499.246139][ T46] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 499.320179][ T5951] Bluetooth: hci2: command 0x041b tx timeout [ 499.327919][ T46] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 499.380526][ T6011] usb 6-1: new high-speed USB device number 41 using dummy_hcd [ 499.394098][T15104] chnl_net:caif_netlink_parms(): no params data found [ 499.476978][T15104] bridge0: port 1(bridge_slave_0) entered blocking state [ 499.479409][T15104] bridge0: port 1(bridge_slave_0) entered disabled state [ 499.482697][T15104] bridge_slave_0: entered allmulticast mode [ 499.485315][T15104] bridge_slave_0: entered promiscuous mode [ 499.488357][T15104] bridge0: port 2(bridge_slave_1) entered blocking state [ 499.491454][T15104] bridge0: port 2(bridge_slave_1) entered disabled state [ 499.493691][T15104] bridge_slave_1: entered allmulticast mode [ 499.496348][T15104] bridge_slave_1: entered promiscuous mode [ 499.533382][ T6011] usb 6-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 499.537462][ T6011] usb 6-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 499.542041][T15104] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 499.543116][ T6011] usb 6-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 499.547762][ T6011] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 499.552212][T15104] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 499.556146][T15114] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 499.561671][ T6011] usb 6-1: Quirk or no altset; falling back to MIDI 1.0 [ 499.598208][T15104] team0: Port device team_slave_0 added [ 500.225323][ T46] bond1 (unregistering): Released all slaves [ 500.366548][T15104] team0: Port device team_slave_1 added [ 500.394297][T15138] program syz.3.2316 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 500.408299][T15104] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 500.410586][T15104] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 500.418270][T15104] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 500.427781][T15104] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 500.429868][T15104] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 500.460540][T15104] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 500.518569][T15104] hsr_slave_0: entered promiscuous mode [ 500.522383][T15104] hsr_slave_1: entered promiscuous mode [ 500.524684][T15104] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 500.527092][T15104] Cannot create hsr debugfs directory [ 500.828293][ T46] hsr_slave_0: left promiscuous mode [ 500.852844][T15155] overlayfs: option "workdir=./file0" is useless in a non-upper mount, ignore [ 500.854000][ T46] veth1_macvtap: left promiscuous mode [ 500.855713][T15155] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 500.857454][ T46] veth0_macvtap: left promiscuous mode [ 500.862475][ T46] veth1_vlan: left allmulticast mode [ 500.864190][ T46] veth1_vlan: left promiscuous mode [ 500.865869][ T46] veth0_vlan: left promiscuous mode [ 500.916653][ T46] pimreg (unregistering): left allmulticast mode [ 500.922236][ T1417] ieee802154 phy0 wpan0: encryption failed: -22 [ 500.924342][ T1417] ieee802154 phy1 wpan1: encryption failed: -22 [ 500.930273][ T5951] Bluetooth: hci0: command tx timeout [ 501.401364][ T5951] Bluetooth: hci2: command 0x041b tx timeout [ 501.749472][T15157] netlink: 'syz.3.2322': attribute type 10 has an invalid length. [ 501.906215][ T6011] usb 6-1: USB disconnect, device number 41 [ 502.093084][T15157] veth0_vlan: left promiscuous mode [ 502.100725][T15157] veth0_vlan: entered promiscuous mode [ 502.228058][T15157] team0: Device veth0_vlan failed to register rx_handler [ 502.427398][T15104] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 502.433466][T15104] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 502.437564][T15104] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 502.449777][T15104] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 502.503035][T15104] 8021q: adding VLAN 0 to HW filter on device bond0 [ 502.513036][T15104] 8021q: adding VLAN 0 to HW filter on device team0 [ 502.531989][ T81] bridge0: port 1(bridge_slave_0) entered blocking state [ 502.534931][ T81] bridge0: port 1(bridge_slave_0) entered forwarding state [ 502.538686][ T81] bridge0: port 2(bridge_slave_1) entered blocking state [ 502.541581][ T81] bridge0: port 2(bridge_slave_1) entered forwarding state [ 502.683325][T15104] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 502.715511][T15104] veth0_vlan: entered promiscuous mode [ 502.720960][T15104] veth1_vlan: entered promiscuous mode [ 502.734300][T15104] veth0_macvtap: entered promiscuous mode [ 502.737987][T15104] veth1_macvtap: entered promiscuous mode [ 502.746318][T15104] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 502.753389][T15104] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 502.757014][T15104] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 502.760280][T15104] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 502.763100][T15104] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 502.766123][T15104] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 502.824132][ T81] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 502.829707][ T81] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 502.833924][T15197] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3070988179 (3070988179 ns) > initial count (1876204212 ns). Using initial count to start timer. [ 502.851260][ T1135] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 502.861360][ T1135] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 502.911436][ T81] Bluetooth: Error in BCSP hdr checksum [ 503.000260][ T5950] Bluetooth: hci0: command tx timeout [ 503.101311][T15204] 9pnet_fd: Insufficient options for proto=fd [ 503.254581][ T1136] Bluetooth: Error in BCSP hdr checksum [ 503.420372][T15211] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3070988179 (3070988179 ns) > initial count (1876204212 ns). Using initial count to start timer. [ 503.430926][ T8232] usb 5-1: new high-speed USB device number 42 using dummy_hcd [ 503.490855][ T5950] Bluetooth: hci2: command 0x041b tx timeout [ 503.521450][T15219] rdma_rxe: rxe_newlink: failed to add lo [ 503.523646][T15219] netlink: 'syz.2.2334': attribute type 4 has an invalid length. [ 503.527656][ T40] kauditd_printk_skb: 4 callbacks suppressed [ 503.527666][ T40] audit: type=1326 audit(1749491408.779:253): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15217 comm="syz.2.2334" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf710e579 code=0x0 [ 503.581506][ T8232] usb 5-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 503.585202][ T8232] usb 5-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 503.588360][ T8232] usb 5-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 503.592272][ T8232] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 503.599035][T15207] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 503.603025][ T8232] usb 5-1: Quirk or no altset; falling back to MIDI 1.0 [ 504.690198][ T5950] Bluetooth: hci4: command 0x1003 tx timeout [ 504.690216][ T5951] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 505.080198][ T5951] Bluetooth: hci0: command tx timeout [ 505.560440][ T5951] Bluetooth: hci2: command 0x041b tx timeout [ 505.938940][ T6011] usb 5-1: USB disconnect, device number 42 [ 506.185224][T15243] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3070988179 (3070988179 ns) > initial count (1876204212 ns). Using initial count to start timer. [ 506.625308][T15250] infiniband [yz1: RDMA CMA: cma_listen_on_dev, error -98 [ 506.641874][T15257] FAULT_INJECTION: forcing a failure. [ 506.641874][T15257] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 506.645942][T15257] CPU: 1 UID: 0 PID: 15257 Comm: syz.3.2344 Not tainted 6.16.0-rc1-syzkaller #0 PREEMPT(full) [ 506.645957][T15257] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 506.645964][T15257] Call Trace: [ 506.645968][T15257] [ 506.645973][T15257] dump_stack_lvl+0x16c/0x1f0 [ 506.646010][T15257] should_fail_ex+0x512/0x640 [ 506.646032][T15257] _copy_from_user+0x2e/0xd0 [ 506.646050][T15257] move_addr_to_kernel+0x65/0x170 [ 506.646065][T15257] __sys_bind+0x11b/0x260 [ 506.646079][T15257] ? __pfx___sys_bind+0x10/0x10 [ 506.646092][T15257] ? __fget_files+0x20e/0x3c0 [ 506.646111][T15257] ? __pfx_ksys_write+0x10/0x10 [ 506.646129][T15257] __ia32_sys_bind+0x71/0xb0 [ 506.646142][T15257] ? syscall_enter_from_user_mode_prepare+0x68/0xe0 [ 506.646159][T15257] __do_fast_syscall_32+0x7c/0x3a0 [ 506.646170][T15257] do_fast_syscall_32+0x32/0x80 [ 506.646181][T15257] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 506.646198][T15257] RIP: 0023:0xf7f53579 [ 506.646207][T15257] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 506.646217][T15257] RSP: 002b:00000000f507655c EFLAGS: 00000296 ORIG_RAX: 0000000000000169 [ 506.646228][T15257] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000800001c0 [ 506.646234][T15257] RDX: 0000000000000010 RSI: 0000000000000000 RDI: 0000000000000000 [ 506.646240][T15257] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 506.646246][T15257] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 506.646252][T15257] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 506.646265][T15257] [ 506.905494][T15262] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3070988179 (3070988179 ns) > initial count (1876204212 ns). Using initial count to start timer. [ 507.160208][ T5951] Bluetooth: hci0: command tx timeout [ 507.596493][T15281] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3070988179 (3070988179 ns) > initial count (1876204212 ns). Using initial count to start timer. [ 507.640438][ T5951] Bluetooth: hci2: command 0x041b tx timeout [ 508.705905][T15306] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3070988179 (3070988179 ns) > initial count (1876204212 ns). Using initial count to start timer. [ 509.380105][ T8232] usb 7-1: new high-speed USB device number 28 using dummy_hcd [ 509.493261][T15321] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(3) [ 509.496398][T15321] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed) [ 509.499860][T15321] vhci_hcd vhci_hcd.0: Device attached [ 509.502753][T15323] vhci_hcd: connection closed [ 509.502937][ T1136] vhci_hcd: stop threads [ 509.505855][ T1136] vhci_hcd: release socket [ 509.507239][ T1136] vhci_hcd: disconnect device [ 509.564321][ T8232] usb 7-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 509.567570][ T8232] usb 7-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 509.570832][ T8232] usb 7-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 509.574021][ T8232] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 509.578009][T15315] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 509.583590][ T8232] usb 7-1: Quirk or no altset; falling back to MIDI 1.0 [ 509.730114][ T6011] usb 8-1: new full-speed USB device number 53 using dummy_hcd [ 509.820389][ T24] usb 5-1: new full-speed USB device number 43 using dummy_hcd [ 509.881923][ T6011] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 509.885493][ T6011] usb 8-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 509.889498][ T6011] usb 8-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 509.892797][ T6011] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 509.897255][ T6011] usb 8-1: config 0 descriptor?? [ 509.981973][ T24] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 509.986183][ T24] usb 5-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 509.991132][ T24] usb 5-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00 [ 509.994575][ T24] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 509.999545][ T24] usb 5-1: config 0 descriptor?? [ 510.004798][ T24] usbhid 5-1:0.0: couldn't find an input interrupt endpoint [ 510.188750][ T6011] usbhid 8-1:0.0: can't add hid device: -71 [ 510.191792][ T6011] usbhid 8-1:0.0: probe with driver usbhid failed with error -71 [ 510.199616][ T6011] usb 8-1: USB disconnect, device number 53 [ 510.416152][T15333] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3070988179 (3070988179 ns) > initial count (1876204212 ns). Using initial count to start timer. [ 511.100927][T15342] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3070988179 (3070988179 ns) > initial count (1876204212 ns). Using initial count to start timer. [ 511.883869][ T6011] usb 7-1: USB disconnect, device number 28 [ 512.143789][T15357] netlink: 3 bytes leftover after parsing attributes in process `syz.1.2364'. [ 512.171630][T15357] batadv1: entered allmulticast mode [ 512.320322][ T6011] usb 7-1: new full-speed USB device number 29 using dummy_hcd [ 512.511787][ T6011] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 512.514813][ T6011] usb 7-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 512.521847][ T6011] usb 7-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 512.524614][ T6011] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 512.526943][ T6011] usb 7-1: Product: syz [ 512.528186][ T6011] usb 7-1: Manufacturer: syz [ 512.529550][ T6011] usb 7-1: SerialNumber: syz [ 512.537312][ T6011] hub 7-1:1.0: bad descriptor, ignoring hub [ 512.539232][ T6011] hub 7-1:1.0: probe with driver hub failed with error -5 [ 512.595996][ T24] usb 5-1: USB disconnect, device number 43 [ 512.754097][ T6011] usblp 7-1:1.0: usblp0: USB Unidirectional printer dev 29 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8 [ 512.780863][ T6011] usb 7-1: USB disconnect, device number 29 [ 512.784971][ T6011] usblp0: removed [ 512.797375][T15368] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3070988179 (3070988179 ns) > initial count (1876204212 ns). Using initial count to start timer. [ 513.200137][ T29] usb 8-1: new full-speed USB device number 54 using dummy_hcd [ 513.351520][ T29] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 513.359066][ T29] usb 8-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 513.364392][ T29] usb 8-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 513.366910][ T29] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 513.371411][ T29] usb 8-1: config 0 descriptor?? [ 513.585878][ T29] usbhid 8-1:0.0: can't add hid device: -71 [ 513.587952][ T29] usbhid 8-1:0.0: probe with driver usbhid failed with error -71 [ 513.591638][ T29] usb 8-1: USB disconnect, device number 54 [ 513.625499][T15395] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3070988179 (3070988179 ns) > initial count (1876204212 ns). Using initial count to start timer. [ 513.919329][T15404] mac80211_hwsim hwsim20 wlan1: entered allmulticast mode [ 513.949256][T15404] netlink: 'syz.0.2376': attribute type 1 has an invalid length. [ 513.952609][T15404] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2376'. [ 514.038413][T15410] bridge_slave_0: left allmulticast mode [ 514.041440][T15410] bridge_slave_0: left promiscuous mode [ 514.046500][T15410] bridge0: port 1(bridge_slave_0) entered disabled state [ 514.062630][T15410] bridge_slave_1: left allmulticast mode [ 514.065655][T15410] bridge_slave_1: left promiscuous mode [ 514.069738][T15410] bridge0: port 2(bridge_slave_1) entered disabled state [ 514.091329][T15410] bond0: (slave bond_slave_0): Releasing backup interface [ 514.107703][T15410] bond0: (slave bond_slave_1): Releasing backup interface [ 514.143324][T15410] team0: Port device team_slave_0 removed [ 514.158511][T15410] team0: Port device team_slave_1 removed [ 514.166208][T15410] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 514.169677][T15410] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 514.170172][ T29] usb 8-1: new high-speed USB device number 55 using dummy_hcd [ 514.190335][T15410] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 514.193935][T15410] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 514.341810][ T29] usb 8-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 514.345543][ T29] usb 8-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 514.351272][ T29] usb 8-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 514.354463][ T29] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 514.359739][T15408] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 514.364497][ T29] usb 8-1: Quirk or no altset; falling back to MIDI 1.0 [ 514.505706][T15416] netlink: 'syz.2.2379': attribute type 3 has an invalid length. [ 514.508945][T15416] netlink: 199836 bytes leftover after parsing attributes in process `syz.2.2379'. [ 514.600206][ T6067] usb 6-1: new full-speed USB device number 42 using dummy_hcd [ 514.771221][T15420] netlink: 'syz.2.2379': attribute type 10 has an invalid length. [ 514.793794][T15420] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 514.901556][ T6067] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 514.905461][ T6067] usb 6-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 514.910448][ T6067] usb 6-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00 [ 514.913862][ T6067] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 514.918162][ T6067] usb 6-1: config 0 descriptor?? [ 514.922049][ T6067] usbhid 6-1:0.0: couldn't find an input interrupt endpoint [ 515.588770][T15430] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3070988179 (3070988179 ns) > initial count (1876204212 ns). Using initial count to start timer. [ 516.000109][ T9] usb 5-1: new full-speed USB device number 44 using dummy_hcd [ 516.181580][ T9] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 516.185083][ T9] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 516.189120][ T9] usb 5-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 516.192986][ T9] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 516.197084][ T9] usb 5-1: config 0 descriptor?? [ 516.453842][ T9] usbhid 5-1:0.0: can't add hid device: -71 [ 516.456002][ T9] usbhid 5-1:0.0: probe with driver usbhid failed with error -71 [ 516.460336][ T9] usb 5-1: USB disconnect, device number 44 [ 516.664387][ T1325] usb 8-1: USB disconnect, device number 55 [ 516.739769][T15450] tmpfs: Unknown parameter 'H’¤øÍ[Ê' [ 516.748035][T15441] binder: 15438:15441 ioctl c0046209 0 returned -22 [ 516.764009][ T40] audit: type=1107 audit(1749491422.019:254): pid=15448 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa [ 516.808028][T15449] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3070988179 (3070988179 ns) > initial count (1876204212 ns). Using initial count to start timer. [ 517.386052][ T29] usb 6-1: USB disconnect, device number 42 [ 517.516086][T15466] netlink: 'syz.1.2391': attribute type 3 has an invalid length. [ 517.518411][T15466] netlink: 199836 bytes leftover after parsing attributes in process `syz.1.2391'. [ 517.765402][T15472] netlink: 'syz.1.2391': attribute type 10 has an invalid length. [ 517.961322][T15477] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3070988179 (3070988179 ns) > initial count (1876204212 ns). Using initial count to start timer. [ 518.330133][ T29] usb 7-1: new high-speed USB device number 30 using dummy_hcd [ 518.501190][ T29] usb 7-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 518.515380][ T29] usb 7-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 518.518326][ T29] usb 7-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 518.521148][ T29] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 518.554771][T15483] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 518.558592][ T29] usb 7-1: Quirk or no altset; falling back to MIDI 1.0 [ 519.000152][ T6067] usb 8-1: new full-speed USB device number 56 using dummy_hcd [ 519.120139][ T29] usb 5-1: new high-speed USB device number 45 using dummy_hcd [ 519.151652][ T6067] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 519.154908][ T6067] usb 8-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 519.158662][ T6067] usb 8-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 519.161393][ T6067] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 519.165056][ T6067] usb 8-1: config 0 descriptor?? [ 519.271387][ T29] usb 5-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 519.274794][ T29] usb 5-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 519.277757][ T29] usb 5-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 519.280515][ T29] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 519.284530][T15501] raw-gadget.2 gadget.0: fail, usb_ep_enable returned -22 [ 519.288359][ T29] usb 5-1: Quirk or no altset; falling back to MIDI 1.0 [ 519.375299][ T6067] usbhid 8-1:0.0: can't add hid device: -71 [ 519.377230][ T6067] usbhid 8-1:0.0: probe with driver usbhid failed with error -71 [ 519.382149][ T6067] usb 8-1: USB disconnect, device number 56 [ 519.505213][T15507] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3070988179 (3070988179 ns) > initial count (1876204212 ns). Using initial count to start timer. [ 520.890170][ T53] usb 7-1: USB disconnect, device number 30 [ 521.115650][T15530] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3070988179 (3070988179 ns) > initial count (1876204212 ns). Using initial count to start timer. [ 521.238339][T15534] netlink: 'syz.3.2405': attribute type 3 has an invalid length. [ 521.240870][T15534] netlink: 199836 bytes leftover after parsing attributes in process `syz.3.2405'. [ 521.452953][T15537] netlink: 'syz.3.2405': attribute type 10 has an invalid length. [ 521.652965][ T29] usb 5-1: USB disconnect, device number 45 [ 522.026347][T15546] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3070988179 (3070988179 ns) > initial count (1876204212 ns). Using initial count to start timer. [ 522.395813][T15564] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3070988179 (3070988179 ns) > initial count (1876204212 ns). Using initial count to start timer. [ 523.055040][T15576] 9pnet_fd: Insufficient options for proto=fd [ 523.463998][ T29] usb 6-1: new high-speed USB device number 43 using dummy_hcd [ 523.702729][ T53] usb 8-1: new high-speed USB device number 57 using dummy_hcd [ 523.708140][T15586] 9pnet_fd: Insufficient options for proto=fd [ 523.722584][ T29] usb 6-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 523.725548][ T29] usb 6-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 523.728257][ T29] usb 6-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 523.731056][ T29] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 523.735413][T15578] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 523.738919][ T29] usb 6-1: Quirk or no altset; falling back to MIDI 1.0 [ 523.863934][ T53] usb 8-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 523.868429][ T53] usb 8-1: config 27 interface 0 altsetting 0 endpoint 0xB has invalid maxpacket 24623, setting to 1024 [ 523.873238][ T53] usb 8-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 1024 [ 523.877175][ T53] usb 8-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 523.881246][ T53] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 523.888853][T15583] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22 [ 523.896108][ T53] usb 8-1: Quirk or no altset; falling back to MIDI 1.0 [ 524.000152][ T10] usb 7-1: new high-speed USB device number 31 using dummy_hcd [ 524.125202][T15582] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 524.128996][T15582] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 524.181938][ T10] usb 7-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 524.185271][ T10] usb 7-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 524.188279][ T10] usb 7-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 524.191190][ T10] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 524.196115][T15586] raw-gadget.2 gadget.2: fail, usb_ep_enable returned -22 [ 524.200943][ T10] usb 7-1: Quirk or no altset; falling back to MIDI 1.0 [ 524.364268][T15599] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3070988179 (3070988179 ns) > initial count (1876204212 ns). Using initial count to start timer. [ 525.373809][T15607] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3070988179 (3070988179 ns) > initial count (1876204212 ns). Using initial count to start timer. [ 525.900200][ T29] usb 6-1: USB disconnect, device number 43 [ 526.111594][T15613] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3070988179 (3070988179 ns) > initial count (1876204212 ns). Using initial count to start timer. [ 526.542532][ T53] usb 7-1: USB disconnect, device number 31 [ 526.751868][T15624] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3070988179 (3070988179 ns) > initial count (1876204212 ns). Using initial count to start timer. [ 526.923520][ T29] usb 8-1: USB disconnect, device number 57 [ 527.363288][T15638] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3070988179 (3070988179 ns) > initial count (1876204212 ns). Using initial count to start timer. [ 527.586535][T15645] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3070988179 (3070988179 ns) > initial count (1876204212 ns). Using initial count to start timer. [ 528.073491][T15652] netlink: 'syz.0.2426': attribute type 3 has an invalid length. [ 528.076735][T15652] netlink: 199836 bytes leftover after parsing attributes in process `syz.0.2426'. [ 528.364198][T15655] netlink: 'syz.0.2426': attribute type 10 has an invalid length. [ 528.367689][T15655] mac80211_hwsim hwsim20 wlan1: left allmulticast mode [ 528.384455][T15655] 8021q: adding VLAN 0 to HW filter on device bond0 [ 528.395192][T15655] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 528.988495][T15662] random: crng reseeded on system resumption [ 529.247022][T15668] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3070988179 (3070988179 ns) > initial count (1876204212 ns). Using initial count to start timer. [ 529.268208][T15658] 9pnet_fd: Insufficient options for proto=fd [ 529.580210][ T29] usb 6-1: new high-speed USB device number 44 using dummy_hcd [ 529.732800][ T29] usb 6-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 529.738995][ T29] usb 6-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 529.744697][ T29] usb 6-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 529.750209][ T29] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 529.757148][T15663] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 529.762113][ T29] usb 6-1: Quirk or no altset; falling back to MIDI 1.0 [ 530.442121][ T1325] libceph: connect (1)[c::]:6789 error -101 [ 530.444792][ T1325] libceph: mon0 (1)[c::]:6789 connect error [ 530.520337][ T29] usb 7-1: new high-speed USB device number 32 using dummy_hcd [ 530.670102][ T29] usb 7-1: Using ep0 maxpacket: 32 [ 530.674732][ T29] usb 7-1: config 32 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 530.678397][ T29] usb 7-1: config 32 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 530.681485][ T29] usb 7-1: config 32 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5 [ 530.685673][ T29] usb 7-1: New USB device found, idVendor=0458, idProduct=5011, bcdDevice= 0.00 [ 530.688600][ T29] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 530.700352][ T1325] libceph: connect (1)[c::]:6789 error -101 [ 530.702205][ T1325] libceph: mon0 (1)[c::]:6789 connect error [ 530.996724][T15701] random: crng reseeded on system resumption [ 531.185870][T15696] ceph: No mds server is up or the cluster is laggy [ 531.327901][T15704] netlink: 'syz.0.2440': attribute type 2 has an invalid length. [ 531.336022][T15704] rdma_rxe: rxe_newlink: failed to add vxcan1 [ 531.348813][ T29] usbhid 7-1:32.0: can't add hid device: -71 [ 531.350984][ T29] usbhid 7-1:32.0: probe with driver usbhid failed with error -71 [ 531.354449][ T29] usb 7-1: USB disconnect, device number 32 [ 531.585854][T15709] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2441'. [ 531.869512][ T29] usb 6-1: USB disconnect, device number 44 [ 532.132445][T15725] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3070988179 (3070988179 ns) > initial count (1876204212 ns). Using initial count to start timer. [ 532.748089][T15738] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3070988179 (3070988179 ns) > initial count (1876204212 ns). Using initial count to start timer. [ 533.176782][T15748] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3070988179 (3070988179 ns) > initial count (1876204212 ns). Using initial count to start timer. [ 533.287072][T15754] 9pnet_fd: Insufficient options for proto=fd [ 533.625415][ T6011] usb 7-1: new high-speed USB device number 33 using dummy_hcd [ 533.668905][T15759] xt_CT: You must specify a L4 protocol and not use inversions on it [ 533.793058][ T6011] usb 7-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 533.797886][ T6011] usb 7-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 533.810191][ T6011] usb 7-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 533.813672][ T6011] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 533.821944][T15755] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 533.826278][ T6011] usb 7-1: Quirk or no altset; falling back to MIDI 1.0 [ 534.072997][T15766] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3070988179 (3070988179 ns) > initial count (1876204212 ns). Using initial count to start timer. [ 534.789523][T15783] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3070988179 (3070988179 ns) > initial count (1876204212 ns). Using initial count to start timer. [ 535.026387][T15795] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3070988179 (3070988179 ns) > initial count (1876204212 ns). Using initial count to start timer. [ 535.845408][T15812] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2463'. [ 536.010122][ T6011] usb 6-1: new high-speed USB device number 45 using dummy_hcd [ 536.136543][ T53] usb 7-1: USB disconnect, device number 33 [ 536.295373][T15813] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3070988179 (3070988179 ns) > initial count (1876204212 ns). Using initial count to start timer. [ 536.297258][ T6011] usb 6-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 536.304385][ T6011] usb 6-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 536.307440][ T6011] usb 6-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 536.310374][ T6011] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 536.314860][T15804] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22 [ 536.318668][ T6011] usb 6-1: Quirk or no altset; falling back to MIDI 1.0 [ 536.588674][ T53] usb 6-1: USB disconnect, device number 45 [ 537.064459][ T29] usb 5-1: new full-speed USB device number 46 using dummy_hcd [ 537.271521][ T29] usb 5-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 537.275513][ T29] usb 5-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00 [ 537.278283][ T29] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 537.282301][ T29] usb 5-1: config 0 descriptor?? [ 537.285515][ T29] usbhid 5-1:0.0: couldn't find an input interrupt endpoint [ 537.791365][T15847] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3070988179 (3070988179 ns) > initial count (1876204212 ns). Using initial count to start timer. [ 537.841077][T15850] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3070988179 (3070988179 ns) > initial count (1876204212 ns). Using initial count to start timer. [ 537.950172][ T29] usb 7-1: new high-speed USB device number 34 using dummy_hcd [ 538.101666][ T29] usb 7-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 538.105149][ T29] usb 7-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 538.110186][ T29] usb 7-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 538.117850][ T29] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 538.125435][T15843] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22 [ 538.130643][ T29] usb 7-1: Quirk or no altset; falling back to MIDI 1.0 [ 538.512475][T15861] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3070988179 (3070988179 ns) > initial count (1876204212 ns). Using initial count to start timer. [ 539.141805][T15877] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3070988179 (3070988179 ns) > initial count (1876204212 ns). Using initial count to start timer. [ 539.483196][T15883] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2477'. [ 539.799174][ T6067] usb 5-1: USB disconnect, device number 46 [ 539.930126][T15893] netlink: 'syz.3.2480': attribute type 3 has an invalid length. [ 539.932695][T15893] netlink: 199836 bytes leftover after parsing attributes in process `syz.3.2480'. [ 540.162621][T15897] netlink: 'syz.3.2480': attribute type 10 has an invalid length. [ 540.402172][ T6011] usb 7-1: USB disconnect, device number 34 [ 540.540160][ T29] usb 5-1: new high-speed USB device number 47 using dummy_hcd [ 540.699025][T15910] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2485'. [ 540.721599][ T29] usb 5-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 540.726910][ T29] usb 5-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 540.730201][ T29] usb 5-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 540.733389][ T29] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 540.806561][T15888] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 540.810749][ T29] usb 5-1: Quirk or no altset; falling back to MIDI 1.0 [ 541.016410][ T29] usb 5-1: USB disconnect, device number 47 [ 541.048440][T15921] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3070988179 (3070988179 ns) > initial count (1876204212 ns). Using initial count to start timer. [ 541.070267][ T6067] usb 7-1: new full-speed USB device number 35 using dummy_hcd [ 541.232792][ T6067] usb 7-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 541.238464][ T6067] usb 7-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00 [ 541.242555][ T6067] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 541.248104][ T6067] usb 7-1: config 0 descriptor?? [ 541.253518][ T6067] usbhid 7-1:0.0: couldn't find an input interrupt endpoint [ 542.130584][ T54] usb 6-1: new high-speed USB device number 46 using dummy_hcd [ 542.197244][T15950] netlink: 'syz.0.2496': attribute type 3 has an invalid length. [ 542.199700][T15950] netlink: 199836 bytes leftover after parsing attributes in process `syz.0.2496'. [ 542.302146][ T54] usb 6-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 542.306640][ T54] usb 6-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 542.309646][ T54] usb 6-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 542.312757][ T54] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 542.316978][T15925] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 542.321010][ T54] usb 6-1: Quirk or no altset; falling back to MIDI 1.0 [ 542.432214][T15953] netlink: 'syz.0.2496': attribute type 10 has an invalid length. [ 542.612388][T15948] netlink: 'syz.3.2494': attribute type 4 has an invalid length. [ 543.545276][ T5951] Bluetooth: unknown link type 108 [ 543.547054][ T5951] Bluetooth: hci0: connection err: -111 [ 543.690183][ T29] usb 8-1: new high-speed USB device number 58 using dummy_hcd [ 543.816734][ T6067] usb 7-1: USB disconnect, device number 35 [ 543.842160][ T29] usb 8-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 543.846569][ T29] usb 8-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 543.850610][ T29] usb 8-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 543.854269][ T29] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 543.862262][T15961] raw-gadget.2 gadget.3: fail, usb_ep_enable returned -22 [ 543.880736][ T29] usb 8-1: Quirk or no altset; falling back to MIDI 1.0 [ 544.104977][ T29] usb 8-1: USB disconnect, device number 58 [ 544.504638][ T29] usb 6-1: USB disconnect, device number 46 [ 544.526513][T15986] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2505'. [ 544.668066][T15992] netlink: 'syz.3.2507': attribute type 3 has an invalid length. [ 544.670867][T15992] netlink: 199836 bytes leftover after parsing attributes in process `syz.3.2507'. [ 544.911526][T15997] netlink: 'syz.3.2507': attribute type 10 has an invalid length. [ 544.957056][T15993] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3070988179 (3070988179 ns) > initial count (1876204212 ns). Using initial count to start timer. [ 545.252244][T16004] mac80211_hwsim hwsim20 wlan1: entered allmulticast mode [ 545.467272][T16006] netdevsim netdevsim0 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 545.471296][T16006] netdevsim netdevsim0 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 545.474185][T16006] netdevsim netdevsim0 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 545.478669][T16006] netdevsim netdevsim0 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 545.576541][T16006] bond0: (slave wlan1): Releasing backup interface [ 545.800158][ T1457] usb 6-1: new full-speed USB device number 47 using dummy_hcd [ 545.951395][ T1457] usb 6-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 545.955438][ T1457] usb 6-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00 [ 545.958183][ T1457] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 545.970871][ T1457] usb 6-1: config 0 descriptor?? [ 545.975040][ T1457] usbhid 6-1:0.0: couldn't find an input interrupt endpoint [ 546.082174][T16028] binder: 16027:16028 ioctl c0306201 800003c0 returned -14 [ 546.119941][T16030] FAULT_INJECTION: forcing a failure. [ 546.119941][T16030] name failslab, interval 1, probability 0, space 0, times 0 [ 546.124437][T16030] CPU: 1 UID: 0 PID: 16030 Comm: syz.0.2516 Not tainted 6.16.0-rc1-syzkaller #0 PREEMPT(full) [ 546.124460][T16030] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 546.124472][T16030] Call Trace: [ 546.124493][T16030] [ 546.124499][T16030] dump_stack_lvl+0x16c/0x1f0 [ 546.124532][T16030] should_fail_ex+0x512/0x640 [ 546.124552][T16030] ? kmem_cache_alloc_lru_noprof+0x5f/0x3b0 [ 546.124574][T16030] should_failslab+0xc2/0x120 [ 546.124589][T16030] kmem_cache_alloc_lru_noprof+0x72/0x3b0 [ 546.124609][T16030] ? __d_alloc+0x31/0xaa0 [ 546.124632][T16030] __d_alloc+0x31/0xaa0 [ 546.124650][T16030] ? __d_lookup+0x266/0x4a0 [ 546.124667][T16030] d_alloc+0x4a/0x1e0 [ 546.124688][T16030] lookup_one_qstr_excl_raw.part.0+0x96/0x160 [ 546.124703][T16030] ? lookup_dcache+0x66/0x170 [ 546.124718][T16030] lookup_one_qstr_excl+0x3e/0x120 [ 546.124735][T16030] filename_create+0x1e7/0x4a0 [ 546.124752][T16030] ? __pfx_filename_create+0x10/0x10 [ 546.124773][T16030] ? __might_fault+0xe3/0x190 [ 546.124792][T16030] ? __might_fault+0xe3/0x190 [ 546.124810][T16030] ? __might_fault+0x13b/0x190 [ 546.124831][T16030] do_mknodat+0x18a/0x5d0 [ 546.124852][T16030] ? __pfx_do_mknodat+0x10/0x10 [ 546.124869][T16030] ? getname_flags.part.0+0x1c5/0x550 [ 546.124888][T16030] __ia32_sys_mknod+0x85/0xb0 [ 546.124908][T16030] __do_fast_syscall_32+0x7c/0x3a0 [ 546.124924][T16030] do_fast_syscall_32+0x32/0x80 [ 546.124937][T16030] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 546.124954][T16030] RIP: 0023:0xf704e579 [ 546.124966][T16030] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 546.124979][T16030] RSP: 002b:00000000f503e55c EFLAGS: 00000296 ORIG_RAX: 000000000000000e [ 546.124993][T16030] RAX: ffffffffffffffda RBX: 0000000080000140 RCX: 0000000000002000 [ 546.125002][T16030] RDX: 0000000000000700 RSI: 0000000000000000 RDI: 0000000000000000 [ 546.125011][T16030] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 546.125019][T16030] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 546.125027][T16030] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 546.125046][T16030] [ 546.260909][ T29] usb 8-1: new high-speed USB device number 59 using dummy_hcd [ 546.431617][ T29] usb 8-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 546.435689][ T29] usb 8-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 546.439076][ T29] usb 8-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 546.443549][ T29] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 546.447697][T16024] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22 [ 546.451592][ T29] usb 8-1: Quirk or no altset; falling back to MIDI 1.0 [ 546.550812][T16048] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2519'. [ 546.586925][T16047] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3070988179 (3070988179 ns) > initial count (1876204212 ns). Using initial count to start timer. [ 547.069502][T16056] 9pnet_fd: Insufficient options for proto=fd [ 547.390174][ T53] usb 7-1: new high-speed USB device number 36 using dummy_hcd [ 547.427209][T16061] netlink: 'syz.0.2522': attribute type 3 has an invalid length. [ 547.429780][T16061] netlink: 199836 bytes leftover after parsing attributes in process `syz.0.2522'. [ 547.613189][ T53] usb 7-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 547.616556][ T53] usb 7-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 547.619740][ T53] usb 7-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 547.623284][ T53] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 547.632695][T16058] raw-gadget.2 gadget.2: fail, usb_ep_enable returned -22 [ 547.653412][T16063] netlink: 'syz.0.2522': attribute type 10 has an invalid length. [ 547.655903][T16063] mac80211_hwsim hwsim20 wlan1: left allmulticast mode [ 547.663148][T16063] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 547.671820][ T53] usb 7-1: Quirk or no altset; falling back to MIDI 1.0 [ 548.547541][ T6067] usb 6-1: USB disconnect, device number 47 [ 548.601208][T16070] usb usb1: usbfs: process 16070 (syz.1.2525) did not claim interface 0 before use [ 548.611155][T16072] 9pnet_fd: Insufficient options for proto=fd [ 548.836774][ T53] usb 8-1: USB disconnect, device number 59 [ 549.044778][T16082] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3070988179 (3070988179 ns) > initial count (1876204212 ns). Using initial count to start timer. [ 549.070145][ T29] usb 5-1: new high-speed USB device number 48 using dummy_hcd [ 549.232131][ T29] usb 5-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 549.237883][ T29] usb 5-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 549.241470][ T29] usb 5-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 549.244431][ T29] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 549.248675][T16072] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 549.252576][ T29] usb 5-1: Quirk or no altset; falling back to MIDI 1.0 [ 549.940607][ T24] usb 7-1: USB disconnect, device number 36 [ 549.962711][T16092] netlink: 'syz.3.2531': attribute type 3 has an invalid length. [ 549.964057][T16086] llcp: llcp_sock_recvmsg: Recv datagram failed state 4 -512 0 [ 549.965427][T16092] netlink: 199836 bytes leftover after parsing attributes in process `syz.3.2531'. [ 550.091551][T16097] netlink: 'syz.1.2532': attribute type 3 has an invalid length. [ 550.093971][T16097] netlink: 199836 bytes leftover after parsing attributes in process `syz.1.2532'. [ 550.468402][T16104] netlink: 'syz.1.2532': attribute type 10 has an invalid length. [ 550.568060][T16094] netlink: 'syz.3.2531': attribute type 10 has an invalid length. [ 551.402745][T16128] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3070988179 (3070988179 ns) > initial count (1876204212 ns). Using initial count to start timer. [ 551.418478][ T29] usb 5-1: USB disconnect, device number 48 [ 551.477583][T16130] 9pnet_fd: Insufficient options for proto=fd [ 551.860177][ T8232] usb 6-1: new high-speed USB device number 48 using dummy_hcd [ 552.029417][ T8232] usb 6-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 552.032909][ T8232] usb 6-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 552.036006][ T8232] usb 6-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 552.038876][ T8232] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 552.050291][T16131] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 552.057980][ T8232] usb 6-1: Quirk or no altset; falling back to MIDI 1.0 [ 552.163358][T16146] netlink: 'syz.3.2543': attribute type 3 has an invalid length. [ 552.166659][T16146] netlink: 199836 bytes leftover after parsing attributes in process `syz.3.2543'. [ 552.227911][T16140] syz.0.2541 (16140) used greatest stack depth: 17768 bytes left [ 552.437556][T16166] netlink: 'syz.3.2543': attribute type 10 has an invalid length. [ 552.813105][T16174] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3070988179 (3070988179 ns) > initial count (1876204212 ns). Using initial count to start timer. [ 553.880183][ T5950] Bluetooth: hci0: command 0x0405 tx timeout [ 554.030125][ T6067] usb 7-1: new high-speed USB device number 37 using dummy_hcd [ 554.179930][T16195] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3070988179 (3070988179 ns) > initial count (1876204212 ns). Using initial count to start timer. [ 554.182471][ T6067] usb 7-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 554.189346][ T6067] usb 7-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 554.192390][ T6067] usb 7-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 554.195477][ T6067] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 554.200000][T16188] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22 [ 554.204610][ T6067] usb 7-1: Quirk or no altset; falling back to MIDI 1.0 [ 554.298174][ T8232] usb 6-1: USB disconnect, device number 48 [ 554.311029][T16200] vlan2: entered promiscuous mode [ 554.313175][T16200] bridge0: entered promiscuous mode [ 554.315726][T16200] vlan2: entered allmulticast mode [ 554.317998][T16200] bridge0: entered allmulticast mode [ 554.355071][T16202] random: crng reseeded on system resumption [ 554.405944][T16206] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2557'. [ 554.428495][T16208] netlink: 'syz.1.2558': attribute type 3 has an invalid length. [ 554.431007][T16208] netlink: 199836 bytes leftover after parsing attributes in process `syz.1.2558'. [ 554.587033][T16213] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3070988179 (3070988179 ns) > initial count (1876204212 ns). Using initial count to start timer. [ 554.674241][T16215] netlink: 'syz.1.2558': attribute type 10 has an invalid length. [ 555.143016][T16221] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3070988179 (3070988179 ns) > initial count (1876204212 ns). Using initial count to start timer. [ 555.873125][T16241] 9pnet_fd: Insufficient options for proto=fd [ 556.180201][ T53] usb 6-1: new high-speed USB device number 49 using dummy_hcd [ 556.221620][T16247] FAULT_INJECTION: forcing a failure. [ 556.221620][T16247] name failslab, interval 1, probability 0, space 0, times 0 [ 556.226301][T16247] CPU: 2 UID: 0 PID: 16247 Comm: syz.3.2566 Not tainted 6.16.0-rc1-syzkaller #0 PREEMPT(full) [ 556.226316][T16247] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 556.226323][T16247] Call Trace: [ 556.226329][T16247] [ 556.226334][T16247] dump_stack_lvl+0x16c/0x1f0 [ 556.226355][T16247] should_fail_ex+0x512/0x640 [ 556.226372][T16247] ? __kmalloc_noprof+0xbf/0x510 [ 556.226399][T16247] ? nla_strdup+0xc6/0x150 [ 556.226410][T16247] should_failslab+0xc2/0x120 [ 556.226421][T16247] __kmalloc_noprof+0xd2/0x510 [ 556.226439][T16247] nla_strdup+0xc6/0x150 [ 556.226450][T16247] nf_tables_newtable+0xdeb/0x1b40 [ 556.226472][T16247] ? __pfx___nla_validate_parse+0x10/0x10 [ 556.226485][T16247] ? __pfx_nf_tables_newtable+0x10/0x10 [ 556.226503][T16247] ? __nla_parse+0x40/0x60 [ 556.226516][T16247] nfnetlink_rcv_batch+0x18ed/0x2330 [ 556.226538][T16247] ? __pfx_nfnetlink_rcv_batch+0x10/0x10 [ 556.226555][T16247] ? kmem_cache_alloc_node_noprof+0x1d5/0x3b0 [ 556.226569][T16247] ? kmalloc_reserve+0x18b/0x2c0 [ 556.226581][T16247] ? __alloc_skb+0x166/0x380 [ 556.226595][T16247] ? netlink_alloc_large_skb+0x69/0x130 [ 556.226607][T16247] ? netlink_sendmsg+0x6a1/0xdd0 [ 556.226653][T16247] ? __nla_parse+0x40/0x60 [ 556.226666][T16247] nfnetlink_rcv+0x3c1/0x430 [ 556.226680][T16247] ? __pfx_nfnetlink_rcv+0x10/0x10 [ 556.226695][T16247] ? is_vmalloc_addr+0x86/0xa0 [ 556.226717][T16247] netlink_unicast+0x53d/0x7f0 [ 556.226739][T16247] ? __pfx_netlink_unicast+0x10/0x10 [ 556.226763][T16247] netlink_sendmsg+0x8d1/0xdd0 [ 556.226777][T16247] ? __pfx_netlink_sendmsg+0x10/0x10 [ 556.226791][T16247] ? __import_iovec+0x1dd/0x650 [ 556.226804][T16247] ____sys_sendmsg+0xa95/0xc70 [ 556.226823][T16247] ? __pfx_____sys_sendmsg+0x10/0x10 [ 556.226841][T16247] ? get_compat_msghdr+0x11a/0x170 [ 556.226870][T16247] ___sys_sendmsg+0x134/0x1d0 [ 556.226896][T16247] ? __pfx____sys_sendmsg+0x10/0x10 [ 556.226926][T16247] ? find_held_lock+0x2b/0x80 [ 556.226953][T16247] __sys_sendmsg+0x16d/0x220 [ 556.226969][T16247] ? __pfx___sys_sendmsg+0x10/0x10 [ 556.226995][T16247] ? rcu_is_watching+0x12/0xc0 [ 556.227015][T16247] __do_fast_syscall_32+0x7c/0x3a0 [ 556.227031][T16247] do_fast_syscall_32+0x32/0x80 [ 556.227043][T16247] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 556.227062][T16247] RIP: 0023:0xf7f53579 [ 556.227075][T16247] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 556.227090][T16247] RSP: 002b:00000000f507655c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 556.227106][T16247] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000800000c0 [ 556.227116][T16247] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 556.227126][T16247] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 556.227135][T16247] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 556.227144][T16247] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 556.227160][T16247] [ 556.327255][ C2] vkms_vblank_simulate: vblank timer overrun [ 556.362491][ T53] usb 6-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 556.366849][ T53] usb 6-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 556.371014][ T53] usb 6-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 556.374507][ T53] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 556.380597][T16241] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 556.386067][ T53] usb 6-1: Quirk or no altset; falling back to MIDI 1.0 [ 556.629038][ T5950] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 556.635587][ T5950] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 556.639055][ T5950] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 556.644291][ T5950] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 556.647722][ T5950] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 556.672310][ T34] usb 7-1: USB disconnect, device number 37 [ 556.710250][T16251] vxcan1 speed is unknown, defaulting to 1000 [ 556.796644][T16251] lo speed is unknown, defaulting to 1000 [ 556.901102][ T53] IPVS: starting estimator thread 0... [ 556.973726][T16258] mac80211_hwsim hwsim18 wlan1: entered allmulticast mode [ 557.000279][T16260] IPVS: using max 44 ests per chain, 105600 per kthread [ 557.090492][T16263] bridge_slave_0: left allmulticast mode [ 557.092822][T16263] bridge_slave_0: left promiscuous mode [ 557.094841][T16263] bridge0: port 1(bridge_slave_0) entered disabled state [ 557.101806][T16263] bridge_slave_1: left allmulticast mode [ 557.104083][T16263] bridge_slave_1: left promiscuous mode [ 557.106125][T16263] bridge0: port 2(bridge_slave_1) entered disabled state [ 557.117295][T16263] bond0: (slave bond_slave_0): Releasing backup interface [ 557.124633][T16263] bond0: (slave bond_slave_1): Releasing backup interface [ 557.137270][T16266] netlink: 'syz.2.2570': attribute type 10 has an invalid length. [ 557.165652][T16263] team0: Port device team_slave_0 removed [ 557.179425][T16263] team0: Port device team_slave_1 removed [ 557.182578][T16263] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 557.184901][T16263] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 557.189183][T16263] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 557.191879][T16263] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 557.216816][T16263] bond0: (slave wlan1): Releasing backup interface [ 557.246415][T16266] mac80211_hwsim hwsim18 wlan1: left allmulticast mode [ 557.255717][T16266] 8021q: adding VLAN 0 to HW filter on device bond0 [ 557.263525][T16266] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 557.274769][T16251] chnl_net:caif_netlink_parms(): no params data found [ 557.405479][T16251] bridge0: port 1(bridge_slave_0) entered blocking state [ 557.409577][T16251] bridge0: port 1(bridge_slave_0) entered disabled state [ 557.412091][T16251] bridge_slave_0: entered allmulticast mode [ 557.414835][T16251] bridge_slave_0: entered promiscuous mode [ 557.418753][T16251] bridge0: port 2(bridge_slave_1) entered blocking state [ 557.421204][T16251] bridge0: port 2(bridge_slave_1) entered disabled state [ 557.423713][T16251] bridge_slave_1: entered allmulticast mode [ 557.426392][T16251] bridge_slave_1: entered promiscuous mode [ 557.462714][T16251] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 557.482443][T16251] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 557.543498][T16251] team0: Port device team_slave_0 added [ 557.552591][T16251] team0: Port device team_slave_1 added [ 557.837550][T16282] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3070988179 (3070988179 ns) > initial count (1876204212 ns). Using initial count to start timer. [ 557.942278][ T55] bond0 (unregistering): Released all slaves [ 558.022665][ T55] : left promiscuous mode [ 558.035431][T16251] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 558.037860][T16251] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 558.046430][T16251] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 558.051904][T16251] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 558.054586][T16251] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 558.066934][T16251] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 558.152393][T16251] hsr_slave_0: entered promiscuous mode [ 558.155381][T16251] hsr_slave_1: entered promiscuous mode [ 558.607639][ T55] hsr_slave_0: left promiscuous mode [ 558.611634][ T55] hsr_slave_1: left promiscuous mode [ 558.625096][T16289] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3070988179 (3070988179 ns) > initial count (1876204212 ns). Using initial count to start timer. [ 558.651742][ T55] pimreg (unregistering): left allmulticast mode [ 558.680429][ T5949] Bluetooth: hci4: command tx timeout [ 558.703760][T16292] input: syz1 as /devices/virtual/input/input12 [ 558.720794][ T1457] usb 6-1: USB disconnect, device number 49 [ 559.940227][ T54] usb 5-1: new high-speed USB device number 49 using dummy_hcd [ 560.112946][ T54] usb 5-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 560.116168][ T54] usb 5-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 560.119174][ T54] usb 5-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 560.122248][ T54] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 560.126398][T16304] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 560.130190][ T54] usb 5-1: Quirk or no altset; falling back to MIDI 1.0 [ 560.305436][ T1136] smc: removing ib device syz1 [ 560.410713][T16297] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2576'. [ 560.639905][T16251] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 560.646923][T16251] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 560.656897][T16251] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 560.667391][T16251] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 560.718949][T16251] 8021q: adding VLAN 0 to HW filter on device bond0 [ 560.729429][T16251] 8021q: adding VLAN 0 to HW filter on device team0 [ 560.735590][ T46] bridge0: port 1(bridge_slave_0) entered blocking state [ 560.737770][ T46] bridge0: port 1(bridge_slave_0) entered forwarding state [ 560.756002][ T46] bridge0: port 2(bridge_slave_1) entered blocking state [ 560.758218][ T46] bridge0: port 2(bridge_slave_1) entered forwarding state [ 560.760199][ T5949] Bluetooth: hci4: command tx timeout [ 560.895642][T16339] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3070988179 (3070988179 ns) > initial count (1876204212 ns). Using initial count to start timer. [ 560.970732][T16251] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 560.997976][T16251] veth0_vlan: entered promiscuous mode [ 561.004787][T16251] veth1_vlan: entered promiscuous mode [ 561.023487][T16251] veth0_macvtap: entered promiscuous mode [ 561.028723][T16251] veth1_macvtap: entered promiscuous mode [ 561.042328][T16251] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 561.051095][T16251] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 561.056524][T16251] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 561.059319][T16251] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 561.066693][T16251] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 561.071633][T16251] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 561.113891][ T55] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 561.116373][ T55] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 561.133860][ T1136] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 561.136605][ T1136] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 561.193622][T16347] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2568'. [ 561.780119][ T53] usb 8-1: new high-speed USB device number 60 using dummy_hcd [ 561.885122][ T5951] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 561.889648][ T5951] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 561.894826][ T5951] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 561.897913][ T5951] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 561.901152][ T5951] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 561.953871][ T1136] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 561.962167][ T53] usb 8-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 561.965694][ T53] usb 8-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 561.968924][ T53] usb 8-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 561.970359][T16360] lo speed is unknown, defaulting to 1000 [ 561.971915][ T53] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 561.987216][T16356] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22 [ 561.995434][ T53] usb 8-1: Quirk or no altset; falling back to MIDI 1.0 [ 562.036756][ T1136] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 562.126995][ T1136] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 562.217840][ T1136] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 562.227080][T16360] chnl_net:caif_netlink_parms(): no params data found [ 562.302934][T16360] bridge0: port 1(bridge_slave_0) entered blocking state [ 562.305218][T16360] bridge0: port 1(bridge_slave_0) entered disabled state [ 562.307482][T16360] bridge_slave_0: entered allmulticast mode [ 562.310924][T16360] bridge_slave_0: entered promiscuous mode [ 562.314917][T16360] bridge0: port 2(bridge_slave_1) entered blocking state [ 562.317137][T16360] bridge0: port 2(bridge_slave_1) entered disabled state [ 562.319411][T16360] bridge_slave_1: entered allmulticast mode [ 562.322702][T16360] bridge_slave_1: entered promiscuous mode [ 562.362356][T16360] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 562.367023][T16360] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 562.371903][ T1417] ieee802154 phy0 wpan0: encryption failed: -22 [ 562.380123][ T1417] ieee802154 phy1 wpan1: encryption failed: -22 [ 562.406638][T16360] team0: Port device team_slave_0 added [ 562.411774][T16360] team0: Port device team_slave_1 added [ 562.463135][T16360] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 562.465314][T16360] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 562.475494][T16360] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 562.479756][T16360] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 562.482046][T16360] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 562.489858][T16360] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 562.563958][ T53] usb 5-1: USB disconnect, device number 49 [ 562.840220][ T5951] Bluetooth: hci4: command tx timeout [ 562.842514][ T1136] bond0 (unregistering): Released all slaves [ 562.876128][ T1136] bond1 (unregistering): Released all slaves [ 562.906774][ T1136] bond2 (unregistering): Released all slaves [ 562.975474][T16360] hsr_slave_0: entered promiscuous mode [ 562.977768][T16360] hsr_slave_1: entered promiscuous mode [ 562.979851][T16360] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 563.018405][T16360] Cannot create hsr debugfs directory [ 563.445583][ T1136] hsr_slave_0: left promiscuous mode [ 563.454234][ T1136] hsr_slave_1: left promiscuous mode [ 563.500841][ T1136] veth1_macvtap: left promiscuous mode [ 563.502756][ T1136] veth0_macvtap: left promiscuous mode [ 563.504569][ T1136] veth1_vlan: left promiscuous mode [ 563.506676][ T1136] veth0_vlan: left promiscuous mode [ 563.597709][T16391] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3070988179 (3070988179 ns) > initial count (1876204212 ns). Using initial count to start timer. [ 563.962016][ T5951] Bluetooth: hci1: command tx timeout [ 564.318477][ T29] usb 8-1: USB disconnect, device number 60 [ 564.927533][ T5951] Bluetooth: hci4: command tx timeout [ 564.967282][T16326] smc: removing ib device syz0 [ 564.978164][ T53] lo speed is unknown, defaulting to 1000 [ 564.980891][ T53] syz0: Port: 1 Link DOWN [ 565.318547][T16360] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 565.340133][ T1325] usb 7-1: new full-speed USB device number 38 using dummy_hcd [ 565.346462][T16360] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 565.362266][T16360] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 565.389367][T16360] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 565.447935][T16360] 8021q: adding VLAN 0 to HW filter on device bond0 [ 565.465290][T16360] 8021q: adding VLAN 0 to HW filter on device team0 [ 565.470213][ T1325] usb 7-1: device descriptor read/64, error -71 [ 565.474994][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 565.477468][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 565.485729][T16326] bridge0: port 2(bridge_slave_1) entered blocking state [ 565.488474][T16326] bridge0: port 2(bridge_slave_1) entered forwarding state [ 565.588887][T16422] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3070988179 (3070988179 ns) > initial count (1876204212 ns). Using initial count to start timer. [ 565.705456][T16360] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 565.734904][T16360] veth0_vlan: entered promiscuous mode [ 565.741253][T16360] veth1_vlan: entered promiscuous mode [ 565.760170][T16360] veth0_macvtap: entered promiscuous mode [ 565.764177][T16360] veth1_macvtap: entered promiscuous mode [ 565.775099][T16360] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 565.786473][T16360] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 565.790163][ T1325] usb 7-1: new full-speed USB device number 39 using dummy_hcd [ 565.807459][T16360] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 565.812041][T16360] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 565.815056][T16360] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 565.817900][T16360] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 565.920160][ T1325] usb 7-1: device descriptor read/64, error -71 [ 566.032684][ T1325] usb usb7-port1: attempt power cycle [ 566.044520][ T1136] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 566.047010][ T5949] Bluetooth: hci1: command tx timeout [ 566.047088][ T1136] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 566.074149][ T1136] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 566.077061][ T1136] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 566.220358][T16326] Bluetooth: Error in BCSP hdr checksum [ 566.372100][ T1325] usb 7-1: new full-speed USB device number 40 using dummy_hcd [ 566.403458][ T1325] usb 7-1: device descriptor read/8, error -71 [ 566.507585][T16439] binder: 16437:16439 ioctl c0046209 0 returned -22 [ 566.507676][T16446] program syz.3.2602 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 566.660149][ T1325] usb 7-1: new full-speed USB device number 41 using dummy_hcd [ 566.687460][ T1325] usb 7-1: device descriptor read/8, error -71 [ 566.775013][T16451] 9pnet_fd: Insufficient options for proto=fd [ 566.790399][ T1325] usb usb7-port1: unable to enumerate USB device [ 567.156666][T16457] netlink: 'syz.1.2604': attribute type 3 has an invalid length. [ 567.159170][T16457] netlink: 199836 bytes leftover after parsing attributes in process `syz.1.2604'. [ 567.300172][ T53] usb 8-1: new high-speed USB device number 61 using dummy_hcd [ 567.390408][T16459] netlink: 'syz.1.2604': attribute type 10 has an invalid length. [ 567.419636][T16459] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 567.473642][ T53] usb 8-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 567.477317][ T53] usb 8-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 567.480738][ T53] usb 8-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 567.483850][ T53] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 567.494302][T16454] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22 [ 567.503792][ T53] usb 8-1: Quirk or no altset; falling back to MIDI 1.0 [ 568.050265][ T5951] Bluetooth: hci3: Opcode 0x1003 failed: -110 [ 568.050275][ T5949] Bluetooth: hci3: command 0x1003 tx timeout [ 568.130291][ T5951] Bluetooth: hci1: command tx timeout [ 568.399514][T16465] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3070988179 (3070988179 ns) > initial count (1876204212 ns). Using initial count to start timer. [ 568.486445][T16475] 9pnet_fd: Insufficient options for proto=fd [ 568.830262][ T8232] usb 5-1: new high-speed USB device number 50 using dummy_hcd [ 569.051845][ T8232] usb 5-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 569.055331][ T8232] usb 5-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 569.058417][ T8232] usb 5-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 569.061436][ T8232] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 569.065634][T16477] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 569.069405][ T8232] usb 5-1: Quirk or no altset; falling back to MIDI 1.0 [ 569.510163][ T8232] usb 7-1: new high-speed USB device number 42 using dummy_hcd [ 569.607914][ T29] usb 8-1: USB disconnect, device number 61 [ 569.701381][ T8232] usb 7-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 569.704979][ T8232] usb 7-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 569.708034][ T8232] usb 7-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 569.711073][ T8232] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 569.715371][T16490] raw-gadget.2 gadget.2: fail, usb_ep_enable returned -22 [ 569.719114][ T8232] usb 7-1: Quirk or no altset; falling back to MIDI 1.0 [ 569.877902][T16504] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3070988179 (3070988179 ns) > initial count (1876204212 ns). Using initial count to start timer. [ 570.130874][ T24] usb 8-1: new full-speed USB device number 62 using dummy_hcd [ 570.210166][ T5951] Bluetooth: hci1: command tx timeout [ 570.271340][ T24] usb 8-1: device descriptor read/64, error -71 [ 570.540173][ T24] usb 8-1: new full-speed USB device number 63 using dummy_hcd [ 570.680144][ T24] usb 8-1: device descriptor read/64, error -71 [ 570.790430][ T24] usb usb8-port1: attempt power cycle [ 571.130212][ T24] usb 8-1: new full-speed USB device number 64 using dummy_hcd [ 571.150540][ T24] usb 8-1: device descriptor read/8, error -71 [ 571.323579][ T8232] usb 5-1: USB disconnect, device number 50 [ 571.400278][ T24] usb 8-1: new full-speed USB device number 65 using dummy_hcd [ 571.421069][ T24] usb 8-1: device descriptor read/8, error -71 [ 571.532329][ T24] usb usb8-port1: unable to enumerate USB device [ 571.996549][T15086] usb 7-1: USB disconnect, device number 42 [ 572.462204][T16530] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3070988179 (3070988179 ns) > initial count (1876204212 ns). Using initial count to start timer. [ 572.870333][T16411] usb 6-1: new high-speed USB device number 50 using dummy_hcd [ 573.032352][T16411] usb 6-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 573.036250][T16411] usb 6-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 573.042179][T16411] usb 6-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 573.045265][T16411] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 573.049880][T16535] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 573.053758][T16411] usb 6-1: Quirk or no altset; falling back to MIDI 1.0 [ 573.438597][T16549] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3070988179 (3070988179 ns) > initial count (1876204212 ns). Using initial count to start timer. [ 574.083596][T16557] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3070988179 (3070988179 ns) > initial count (1876204212 ns). Using initial count to start timer. [ 574.558251][T16565] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3070988179 (3070988179 ns) > initial count (1876204212 ns). Using initial count to start timer. [ 575.278196][T16576] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3070988179 (3070988179 ns) > initial count (1876204212 ns). Using initial count to start timer. [ 575.399592][ T1457] usb 6-1: USB disconnect, device number 50 [ 575.650211][T16411] usb 5-1: new full-speed USB device number 51 using dummy_hcd [ 575.811298][T16411] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 575.814637][T16411] usb 5-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 575.817480][T16411] usb 5-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 575.820650][T16411] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 575.824367][T16411] usb 5-1: config 0 descriptor?? [ 576.033006][T15086] usb 5-1: USB disconnect, device number 51 [ 576.454339][T16609] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2634'. [ 576.570162][T16411] usb 7-1: new high-speed USB device number 43 using dummy_hcd [ 576.634512][T16614] netlink: 'syz.1.2635': attribute type 3 has an invalid length. [ 576.636901][T16614] netlink: 199836 bytes leftover after parsing attributes in process `syz.1.2635'. [ 576.733309][T16612] sp0: Synchronizing with TNC [ 576.764792][T16411] usb 7-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 576.769316][T16411] usb 7-1: config 27 interface 0 altsetting 0 endpoint 0xB has invalid maxpacket 24623, setting to 1024 [ 576.774273][T16411] usb 7-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 1024 [ 576.778449][T16411] usb 7-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 576.782493][T16411] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 576.788866][T16604] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 576.794802][T16411] usb 7-1: Quirk or no altset; falling back to MIDI 1.0 [ 576.964237][T16616] netlink: 'syz.1.2635': attribute type 10 has an invalid length. [ 577.045031][T16601] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 577.047830][T16601] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 577.129865][T16619] netlink: 'syz.3.2636': attribute type 3 has an invalid length. [ 577.134032][T16619] netlink: 199836 bytes leftover after parsing attributes in process `syz.3.2636'. [ 577.543982][T16620] netlink: 'syz.3.2636': attribute type 10 has an invalid length. [ 577.561845][T16620] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 577.937964][T16628] 9pnet_fd: Insufficient options for proto=fd [ 578.260148][ T9] usb 5-1: new high-speed USB device number 52 using dummy_hcd [ 578.411810][ T9] usb 5-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 578.415444][ T9] usb 5-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 578.418714][ T9] usb 5-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 578.422139][ T9] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 578.426987][T16628] raw-gadget.2 gadget.0: fail, usb_ep_enable returned -22 [ 578.431202][ T9] usb 5-1: Quirk or no altset; falling back to MIDI 1.0 [ 579.215037][T16411] usb 7-1: USB disconnect, device number 43 [ 579.223530][T16647] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3070988179 (3070988179 ns) > initial count (1876204212 ns). Using initial count to start timer. [ 579.890150][T16411] usb 7-1: new high-speed USB device number 44 using dummy_hcd [ 580.071861][T16411] usb 7-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 580.076377][T16411] usb 7-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 580.080637][T16411] usb 7-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 580.084268][T16411] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 580.090536][T16660] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 580.095287][T16411] usb 7-1: Quirk or no altset; falling back to MIDI 1.0 [ 580.255783][T16673] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3070988179 (3070988179 ns) > initial count (1876204212 ns). Using initial count to start timer. [ 580.634695][ T8232] usb 5-1: USB disconnect, device number 52 [ 581.250851][ T8232] usb 5-1: new high-speed USB device number 53 using dummy_hcd [ 581.255971][T16685] netlink: 'syz.3.2647': attribute type 3 has an invalid length. [ 581.258427][T16685] netlink: 199836 bytes leftover after parsing attributes in process `syz.3.2647'. [ 581.423278][ T8232] usb 5-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 581.426859][ T8232] usb 5-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 581.430184][ T8232] usb 5-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 581.433174][ T8232] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 581.442125][T16682] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22 [ 581.450385][ T8232] usb 5-1: Quirk or no altset; falling back to MIDI 1.0 [ 581.513864][T16687] netlink: 'syz.3.2647': attribute type 10 has an invalid length. [ 582.323716][T15086] usb 7-1: USB disconnect, device number 44 [ 582.352302][T16689] netlink: 'syz.2.2648': attribute type 3 has an invalid length. [ 582.354790][T16689] netlink: 199836 bytes leftover after parsing attributes in process `syz.2.2648'. [ 582.859199][T16696] netlink: 'syz.2.2648': attribute type 10 has an invalid length. [ 583.130266][ T1457] usb 6-1: new high-speed USB device number 51 using dummy_hcd [ 583.302392][ T1457] usb 6-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 583.306776][ T1457] usb 6-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 583.311134][ T1457] usb 6-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 583.314740][ T1457] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 583.322034][T16695] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 583.332304][ T1457] usb 6-1: Quirk or no altset; falling back to MIDI 1.0 [ 583.374186][T16710] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2649'. [ 583.614692][T16705] sp1: Synchronizing with TNC [ 583.753551][ T29] usb 5-1: USB disconnect, device number 53 [ 584.398494][T16727] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3070988179 (3070988179 ns) > initial count (1876204212 ns). Using initial count to start timer. [ 585.342063][T16735] netlink: 'syz.0.2669': attribute type 3 has an invalid length. [ 585.344501][T16735] netlink: 199836 bytes leftover after parsing attributes in process `syz.0.2669'. [ 585.536641][ T29] usb 6-1: USB disconnect, device number 51 [ 585.659185][T16742] netlink: 'syz.0.2669': attribute type 10 has an invalid length. [ 585.663127][T15086] IPVS: starting estimator thread 0... [ 585.850085][T16743] IPVS: using max 44 ests per chain, 105600 per kthread [ 585.928073][T16745] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3070988179 (3070988179 ns) > initial count (1876204212 ns). Using initial count to start timer. [ 586.102461][T16754] mac80211_hwsim hwsim22 wlan1: entered allmulticast mode [ 586.182937][T16755] bridge_slave_0: left allmulticast mode [ 586.184929][T16755] bridge_slave_0: left promiscuous mode [ 586.186877][T16755] bridge0: port 1(bridge_slave_0) entered disabled state [ 586.229530][T16757] netlink: 'syz.3.2658': attribute type 10 has an invalid length. [ 586.508068][T16755] bridge_slave_1: left allmulticast mode [ 586.509920][T16755] bridge_slave_1: left promiscuous mode [ 586.513294][T16755] bridge0: port 2(bridge_slave_1) entered disabled state [ 586.533411][T16755] bond0: (slave bond_slave_0): Releasing backup interface [ 586.538180][T16755] bond0: (slave bond_slave_1): Releasing backup interface [ 586.551340][T16755] team0: Port device team_slave_0 removed [ 586.559520][T16755] team0: Port device team_slave_1 removed [ 586.562761][T16755] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 586.565111][T16755] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 586.568266][T16755] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 586.572039][T16755] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 586.579547][T16755] bond0: (slave wlan1): Releasing backup interface [ 586.650246][T16757] mac80211_hwsim hwsim22 wlan1: left allmulticast mode [ 586.662451][T16757] 8021q: adding VLAN 0 to HW filter on device bond0 [ 586.668165][T16757] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 586.670194][ T53] usb 7-1: new high-speed USB device number 45 using dummy_hcd [ 586.821533][ T53] usb 7-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 586.825105][ T53] usb 7-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 586.828387][ T53] usb 7-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 586.831402][ T53] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 586.836229][T16763] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 586.839970][ T53] usb 7-1: Quirk or no altset; falling back to MIDI 1.0 [ 587.173851][T16785] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3070988179 (3070988179 ns) > initial count (1876204212 ns). Using initial count to start timer. [ 588.116945][T16797] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3070988179 (3070988179 ns) > initial count (1876204212 ns). Using initial count to start timer. [ 588.220320][ T1452] usb 8-1: new full-speed USB device number 66 using dummy_hcd [ 588.412186][ T1452] usb 8-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 588.415429][ T1452] usb 8-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 9 [ 588.419406][ T1452] usb 8-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 588.422613][ T1452] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 588.426805][ T1452] usb 8-1: config 0 descriptor?? [ 588.431175][ T1452] usbhid 8-1:0.0: couldn't find an input interrupt endpoint [ 588.550124][ T1457] usb 5-1: new full-speed USB device number 54 using dummy_hcd [ 588.653163][ T6067] usb 8-1: USB disconnect, device number 66 [ 588.724153][ T1457] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 588.731503][ T1457] usb 5-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 9 [ 588.735667][ T1457] usb 5-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 588.738405][ T1457] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 588.742794][ T1457] usb 5-1: config 0 descriptor?? [ 588.746673][ T1457] usbhid 5-1:0.0: couldn't find an input interrupt endpoint [ 588.895472][T16810] mac80211_hwsim hwsim24 wlan1: entered allmulticast mode [ 588.982209][T16811] bridge_slave_0: left allmulticast mode [ 588.984673][T16811] bridge_slave_0: left promiscuous mode [ 588.987283][T16811] bridge0: port 1(bridge_slave_0) entered disabled state [ 588.995892][T16811] bridge_slave_1: left allmulticast mode [ 588.997776][T16811] bridge_slave_1: left promiscuous mode [ 588.999924][T16811] bridge0: port 2(bridge_slave_1) entered disabled state [ 589.009369][T16811] bond0: (slave bond_slave_0): Releasing backup interface [ 589.017592][T16811] bond0: (slave bond_slave_1): Releasing backup interface [ 589.021102][ T53] usb 5-1: USB disconnect, device number 54 [ 589.029034][T16812] netlink: 'syz.1.2677': attribute type 10 has an invalid length. [ 589.054431][T16811] team0: Port device team_slave_0 removed [ 589.065003][T16811] team0: Port device team_slave_1 removed [ 589.066306][T16814] netlink: 'syz.0.2678': attribute type 3 has an invalid length. [ 589.068251][T16811] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 589.069367][T16814] netlink: 199836 bytes leftover after parsing attributes in process `syz.0.2678'. [ 589.070248][ T6067] usb 8-1: new full-speed USB device number 67 using dummy_hcd [ 589.071951][T16811] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 589.081330][T16811] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 589.088808][T16811] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 589.110719][T16811] bond0: (slave wlan1): Releasing backup interface [ 589.221715][ T6067] usb 8-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 589.224871][ T6067] usb 8-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 9 [ 589.229704][ T6067] usb 8-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 589.230298][T16812] mac80211_hwsim hwsim24 wlan1: left allmulticast mode [ 589.232892][ T6067] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 589.241988][ T6067] usb 8-1: config 0 descriptor?? [ 589.246048][ T6067] usbhid 8-1:0.0: couldn't find an input interrupt endpoint [ 589.264027][T16812] 8021q: adding VLAN 0 to HW filter on device bond0 [ 589.268242][T16812] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 589.281323][ T29] usb 7-1: USB disconnect, device number 45 [ 589.348824][T16817] netlink: 'syz.0.2678': attribute type 10 has an invalid length. [ 589.581171][ T1457] usb 8-1: USB disconnect, device number 67 [ 589.651185][T16825] netlink: 'syz.3.2680': attribute type 3 has an invalid length. [ 589.653636][T16825] netlink: 199836 bytes leftover after parsing attributes in process `syz.3.2680'. [ 590.114308][T16828] netlink: 'syz.3.2680': attribute type 10 has an invalid length. [ 590.380755][T16836] netlink: 'syz.2.2683': attribute type 2 has an invalid length. [ 590.386762][T16836] vxcan1 speed is unknown, defaulting to 1000 [ 590.393232][T16836] vxcan1 speed is unknown, defaulting to 1000 [ 590.397480][T16836] vxcan1 speed is unknown, defaulting to 1000 [ 590.575747][T16836] infiniband syz1: set active [ 590.577315][ T1457] vxcan1 speed is unknown, defaulting to 1000 [ 590.579242][T16836] infiniband syz1: added vxcan1 [ 590.606727][T16836] RDS/IB: syz1: added [ 590.609834][T16836] smc: adding ib device syz1 with port count 1 [ 590.612789][T16836] smc: ib device syz1 port 1 has pnetid [ 590.615325][ T6067] vxcan1 speed is unknown, defaulting to 1000 [ 590.618782][T16836] vxcan1 speed is unknown, defaulting to 1000 [ 590.892203][T16836] vxcan1 speed is unknown, defaulting to 1000 [ 591.156652][T16836] vxcan1 speed is unknown, defaulting to 1000 [ 591.291362][T16854] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3070988179 (3070988179 ns) > initial count (1876204212 ns). Using initial count to start timer. [ 591.319952][T16836] vxcan1 speed is unknown, defaulting to 1000 [ 591.790192][ T1457] usb 7-1: new full-speed USB device number 46 using dummy_hcd [ 591.824293][T16868] mac80211_hwsim hwsim22 wlan1: entered allmulticast mode [ 591.952428][ T1457] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 591.956539][ T1457] usb 7-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 9 [ 591.961679][ T1457] usb 7-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 591.964417][ T1457] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 591.974352][T16871] bond0: (slave wlan1): Releasing backup interface [ 591.984826][ T1457] usb 7-1: config 0 descriptor?? [ 591.989483][ T1457] usbhid 7-1:0.0: couldn't find an input interrupt endpoint [ 592.182127][ T29] usb 5-1: new high-speed USB device number 55 using dummy_hcd [ 592.194977][T16875] netlink: 'syz.1.2692': attribute type 3 has an invalid length. [ 592.198367][T16875] netlink: 199836 bytes leftover after parsing attributes in process `syz.1.2692'. [ 592.217435][ T1457] usb 7-1: USB disconnect, device number 46 [ 592.483979][ T29] usb 5-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 592.487564][ T29] usb 5-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 592.490825][ T29] usb 5-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 592.502137][T16880] 9pnet_fd: Insufficient options for proto=fd [ 592.516113][ T29] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 592.526366][T16873] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22 [ 592.536338][ T29] usb 5-1: Quirk or no altset; falling back to MIDI 1.0 [ 592.820414][ T53] usb 7-1: new high-speed USB device number 47 using dummy_hcd [ 592.992031][ T53] usb 7-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 592.996665][ T53] usb 7-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 593.000763][ T53] usb 7-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 593.004754][ T53] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 593.010822][T16880] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 593.014920][ T53] usb 7-1: Quirk or no altset; falling back to MIDI 1.0 [ 593.276364][T16894] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3070988179 (3070988179 ns) > initial count (1876204212 ns). Using initial count to start timer. [ 593.794759][T16901] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3070988179 (3070988179 ns) > initial count (1876204212 ns). Using initial count to start timer. [ 594.155760][ C3] ------------[ cut here ]------------ [ 594.157531][ C3] WARNING: CPU: 3 PID: 0 at net/mac80211/rx.c:5329 ieee80211_rx_list+0x15e3/0x2980 [ 594.160505][ C3] Modules linked in: SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 594.162125][ C3] CPU: 3 UID: 0 PID: 0 Comm: swapper/3 Not tainted 6.16.0-rc1-syzkaller #0 PREEMPT(full) [ 594.167076][ C3] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 594.170484][ C3] RIP: 0010:ieee80211_rx_list+0x15e3/0x2980 [ 594.172378][ C3] Code: 33 36 57 fe 48 85 c0 0f 85 0a 01 00 00 e8 35 ef c2 f6 48 89 df e8 9d 16 57 fe e8 28 ef c2 f6 e9 cd ee ff ff e8 1e ef c2 f6 90 <0f> 0b 90 e9 d4 ee ff ff e8 10 ef c2 f6 44 89 ef e8 48 aa d2 ff 31 [ 594.178283][ C3] RSP: 0018:ffffc900005e8c68 EFLAGS: 00010246 [ 594.180237][ C3] RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffffff8af88690 [ 594.182773][ C3] RDX: ffff88801bf00000 RSI: ffffffff8af899f2 RDI: 0000000000000001 [ 594.185449][ C3] RBP: ffff88806d7b9900 R08: 0000000000000001 R09: 0000000000000000 [ 594.187799][ C3] R10: 0000000000000000 R11: 0000000000000001 R12: ffff8880753230c8 [ 594.190249][ C3] R13: ffff88806d7b99d8 R14: ffff888075320e40 R15: 0000000000000000 [ 594.192821][ C3] FS: 0000000000000000(0000) GS:ffff888097a62000(0000) knlGS:0000000000000000 [ 594.195933][ C3] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 594.198078][ C3] CR2: 00000000f5075528 CR3: 000000006ac05000 CR4: 0000000000352ef0 [ 594.201164][ C3] DR0: 0000000000000008 DR1: 00000000000000ff DR2: fffffffffffffffb [ 594.204043][ C3] DR3: 3e00000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400 [ 594.206929][ C3] Call Trace: [ 594.208350][ C3] [ 594.209606][ C3] ? __lock_acquire+0x622/0x1c90 [ 594.211845][ C3] ? __pfx_ieee80211_rx_list+0x10/0x10 [ 594.214021][ C3] ? __lock_acquire+0xb8a/0x1c90 [ 594.215974][ C3] ? lock_acquire+0x179/0x350 [ 594.217825][ C3] ieee80211_rx_napi+0xdc/0x410 [ 594.219896][ C3] ? __pfx_ieee80211_rx_napi+0x10/0x10 [ 594.222241][ C3] ? lockdep_hardirqs_on+0x7c/0x110 [ 594.223950][ C3] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 594.225779][ C3] ieee80211_handle_queued_frames+0xd5/0x130 [ 594.227659][ C3] tasklet_action_common+0x281/0x400 [ 594.229449][ C3] handle_softirqs+0x219/0x8e0 [ 594.231342][ C3] ? __pfx_handle_softirqs+0x10/0x10 [ 594.233188][ C3] __irq_exit_rcu+0x109/0x170 [ 594.235213][ C3] irq_exit_rcu+0x9/0x30 [ 594.236994][ C3] sysvec_apic_timer_interrupt+0xa4/0xc0 [ 594.239214][ C3] [ 594.240567][ C3] [ 594.241821][ C3] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 594.244141][ C3] RIP: 0010:pv_native_safe_halt+0xf/0x20 [ 594.246437][ C3] Code: 0b 56 02 c3 cc cc cc cc 0f 1f 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa eb 07 0f 00 2d b3 1e 0e 00 fb f4 0c fb 02 00 66 2e 0f 1f 84 00 00 00 00 00 66 90 90 90 90 90 90 [ 594.253936][ C3] RSP: 0018:ffffc9000048fdf8 EFLAGS: 00000286 [ 594.255848][ C3] RAX: 0000000000a6c891 RBX: 0000000000000003 RCX: ffffffff8b7bec69 [ 594.258621][ C3] RDX: 0000000000000000 RSI: ffffffff8dc12c9a RDI: ffffffff8bf559e0 [ 594.262009][ C3] RBP: ffffed10037e0000 R08: 0000000000000001 R09: ffffed10056a6645 [ 594.265117][ C3] R10: ffff88802b53322b R11: 0000000000000001 R12: 0000000000000003 [ 594.268227][ C3] R13: ffff88801bf00000 R14: ffffffff90882750 R15: 0000000000000000 [ 594.271514][ C3] ? ct_kernel_exit+0x139/0x190 [ 594.273572][ C3] default_idle+0x13/0x20 [ 594.275398][ C3] default_idle_call+0x6d/0xb0 [ 594.277407][ C3] do_idle+0x391/0x510 [ 594.279155][ C3] ? __pfx_do_idle+0x10/0x10 [ 594.281165][ C3] ? trace_sched_exit_tp+0x31/0x130 [ 594.283388][ C3] cpu_startup_entry+0x4f/0x60 [ 594.285385][ C3] start_secondary+0x21d/0x2b0 [ 594.287408][ C3] ? __pfx_start_secondary+0x10/0x10 [ 594.289607][ C3] common_startup_64+0x13e/0x148 [ 594.291795][ C3] [ 594.293119][ C3] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 594.295517][ C3] CPU: 3 UID: 0 PID: 0 Comm: swapper/3 Not tainted 6.16.0-rc1-syzkaller #0 PREEMPT(full) [ 594.298525][ C3] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 594.302847][ C3] Call Trace: [ 594.304217][ C3] [ 594.305437][ C3] dump_stack_lvl+0x3d/0x1f0 [ 594.307406][ C3] panic+0x71c/0x800 [ 594.309068][ C3] ? __pfx_panic+0x10/0x10 [ 594.310964][ C3] ? show_trace_log_lvl+0x29b/0x3e0 [ 594.313120][ C3] ? check_panic_on_warn+0x1f/0xb0 [ 594.315282][ C3] ? ieee80211_rx_list+0x15e3/0x2980 [ 594.317049][ C3] check_panic_on_warn+0xab/0xb0 [ 594.319145][ C3] __warn+0xf6/0x3c0 [ 594.320779][ C3] ? ieee80211_rx_list+0x15e3/0x2980 [ 594.322490][ C3] report_bug+0x3c3/0x580 [ 594.323852][ C3] ? ieee80211_rx_list+0x15e3/0x2980 [ 594.325495][ C3] handle_bug+0x184/0x210 [ 594.326868][ C3] exc_invalid_op+0x17/0x50 [ 594.328288][ C3] asm_exc_invalid_op+0x1a/0x20 [ 594.330204][ C3] RIP: 0010:ieee80211_rx_list+0x15e3/0x2980 [ 594.332675][ C3] Code: 33 36 57 fe 48 85 c0 0f 85 0a 01 00 00 e8 35 ef c2 f6 48 89 df e8 9d 16 57 fe e8 28 ef c2 f6 e9 cd ee ff ff e8 1e ef c2 f6 90 <0f> 0b 90 e9 d4 ee ff ff e8 10 ef c2 f6 44 89 ef e8 48 aa d2 ff 31 [ 594.340417][ C3] RSP: 0018:ffffc900005e8c68 EFLAGS: 00010246 [ 594.342529][ C3] RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffffff8af88690 [ 594.345578][ C3] RDX: ffff88801bf00000 RSI: ffffffff8af899f2 RDI: 0000000000000001 [ 594.347986][ C3] RBP: ffff88806d7b9900 R08: 0000000000000001 R09: 0000000000000000 [ 594.350958][ C3] R10: 0000000000000000 R11: 0000000000000001 R12: ffff8880753230c8 [ 594.354149][ C3] R13: ffff88806d7b99d8 R14: ffff888075320e40 R15: 0000000000000000 [ 594.357417][ C3] ? ieee80211_rx_list+0x280/0x2980 [ 594.359617][ C3] ? ieee80211_rx_list+0x15e2/0x2980 [ 594.361960][ C3] ? ieee80211_rx_list+0x15e2/0x2980 [ 594.364144][ C3] ? __lock_acquire+0x622/0x1c90 [ 594.366097][ C3] ? __pfx_ieee80211_rx_list+0x10/0x10 [ 594.368158][ C3] ? __lock_acquire+0xb8a/0x1c90 [ 594.370234][ C3] ? lock_acquire+0x179/0x350 [ 594.371781][ C3] ieee80211_rx_napi+0xdc/0x410 [ 594.374040][ C3] ? __pfx_ieee80211_rx_napi+0x10/0x10 [ 594.376301][ C3] ? lockdep_hardirqs_on+0x7c/0x110 [ 594.378456][ C3] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 594.380859][ C3] ieee80211_handle_queued_frames+0xd5/0x130 [ 594.383327][ C3] tasklet_action_common+0x281/0x400 [ 594.385456][ C3] handle_softirqs+0x219/0x8e0 [ 594.387061][ C3] ? __pfx_handle_softirqs+0x10/0x10 [ 594.388719][ C3] __irq_exit_rcu+0x109/0x170 [ 594.390705][ C3] irq_exit_rcu+0x9/0x30 [ 594.392438][ C3] sysvec_apic_timer_interrupt+0xa4/0xc0 [ 594.394698][ C3] [ 594.395978][ C3] [ 594.397233][ C3] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 594.399676][ C3] RIP: 0010:pv_native_safe_halt+0xf/0x20 [ 594.401544][ C3] Code: 0b 56 02 c3 cc cc cc cc 0f 1f 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa eb 07 0f 00 2d b3 1e 0e 00 fb f4 0c fb 02 00 66 2e 0f 1f 84 00 00 00 00 00 66 90 90 90 90 90 90 [ 594.407395][ C3] RSP: 0018:ffffc9000048fdf8 EFLAGS: 00000286 [ 594.409527][ C3] RAX: 0000000000a6c891 RBX: 0000000000000003 RCX: ffffffff8b7bec69 [ 594.412716][ C3] RDX: 0000000000000000 RSI: ffffffff8dc12c9a RDI: ffffffff8bf559e0 [ 594.415988][ C3] RBP: ffffed10037e0000 R08: 0000000000000001 R09: ffffed10056a6645 [ 594.419200][ C3] R10: ffff88802b53322b R11: 0000000000000001 R12: 0000000000000003 [ 594.422490][ C3] R13: ffff88801bf00000 R14: ffffffff90882750 R15: 0000000000000000 [ 594.424928][ C3] ? ct_kernel_exit+0x139/0x190 [ 594.426838][ C3] default_idle+0x13/0x20 [ 594.428635][ C3] default_idle_call+0x6d/0xb0 [ 594.430649][ C3] do_idle+0x391/0x510 [ 594.432382][ C3] ? __pfx_do_idle+0x10/0x10 [ 594.434363][ C3] ? trace_sched_exit_tp+0x31/0x130 [ 594.436438][ C3] cpu_startup_entry+0x4f/0x60 [ 594.438141][ C3] start_secondary+0x21d/0x2b0 [ 594.439970][ C3] ? __pfx_start_secondary+0x10/0x10 [ 594.442102][ C3] common_startup_64+0x13e/0x148 [ 594.444212][ C3] [ 594.446219][ C3] Kernel Offset: disabled [ 594.448054][ C3] Rebooting in 86400 seconds.. VM DIAGNOSIS: 17:51:39 Registers: info registers vcpu 0 CPU#0 RAX=00000000010c16b5 RBX=0000000000000000 RCX=ffffffff8b7bec69 RDX=0000000000000000 RSI=ffffffff8dc12c9a RDI=ffffffff8bf559e0 RBP=fffffbfff1c12ef0 RSP=ffffffff8e007e08 R8 =0000000000000001 R9 =ffffed1005646645 R10=ffff88802b23322b R11=0000000000000001 R12=0000000000000000 R13=ffffffff8e097780 R14=ffffffff90882750 R15=0000000000000000 RIP=ffffffff8b7bd7cf RFL=00000286 [--S--P-] CPL=0 II=0 A20=1 SMM=0 HLT=1 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff888097762000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000003000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00000000f7f46e40 CR3=000000006269c000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000002 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000005000000000 0000000100000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 1 CPU#1 RAX=0000000001e90749 RBX=0000000000000001 RCX=ffffffff8b7bec69 RDX=0000000000000000 RSI=ffffffff8dc12c9a RDI=ffffffff8bf559e0 RBP=ffffed1003ad5488 RSP=ffffc9000046fdf8 R8 =0000000000000001 R9 =ffffed1005666645 R10=ffff88802b33322b R11=0000000000000001 R12=0000000000000001 R13=ffff88801d6aa440 R14=ffffffff90882750 R15=0000000000000000 RIP=ffffffff8b7bd7cf RFL=00000286 [--S--P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] GS =0000 ffff888097862000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe000004a000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=0000000000000000 CR3=000000006269c000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000002 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000005000000000 0000000100000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 2 CPU#2 RAX=0000000000ca81cd RBX=0000000000000002 RCX=ffffffff8b7bec69 RDX=0000000000000000 RSI=ffffffff8dc12c9a RDI=ffffffff8bf559e0 RBP=ffffed1003ad5910 RSP=ffffc9000047fdf8 R8 =0000000000000001 R9 =ffffed1005686645 R10=ffff88802b43322b R11=0000000000000001 R12=0000000000000002 R13=ffff88801d6ac880 R14=ffffffff90882750 R15=0000000000000000 RIP=ffffffff8b7bd7cf RFL=00000286 [--S--P-] CPL=0 II=0 A20=1 SMM=0 HLT=1 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c01300 GS =0000 ffff888097962000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000091000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe000008f000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00007ffe04a52d3c CR3=00000000202bf000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000006001 Opmask01=0000000000000001 Opmask02=00000000c1800000 Opmask03=0000000000000000 Opmask04=00000000ffffffff Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ffd19f9e6ab 00007ffd19f9e6ab ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ffd19f9ebb0 0000003000000018 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ffd19f9ebb0 0000003000000018 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0a0a0a0a0a0a0a0a 0a0a0a0a0a0a0a0a 0a0a0a0a0a0a0a0a 0a0a0a0a0a0a0a0a ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6563697665446463 62202c616437303d 74000064392e6262 3d65636976654400 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6563637665446463 6220266164373037 7400006433246262 3765636376654400 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 302e36312e362064 65746e6961742074 6f4e20332f726570 70617773203a6d6d ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 2e72656d69742074 72617473206f7420 746e756f63206c61 6974696e6920676e ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 697355202e29736e 2032313234303236 3738312820746e75 6f63206c61697469 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6e69203e2029736e 2039373138383930 3730332820393731 383839303730333d ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 3039337830207265 7473696765722074 6e756f6320676e69 7472617473206874 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 65746e656d676172 66206562206c6c69 7720656361667265 746e692073696874 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 3 CPU#3 RAX=000000000000006d RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8 RSI=ffffffff8557d3d5 RDI=ffffffff9ae6ca80 RBP=ffffffff9ae6ca40 RSP=ffffc900005e85d0 R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=0000000000000001 R12=0000000000000000 R13=000000000000006d R14=ffffffff9ae6ca40 R15=ffffffff8557d370 RIP=ffffffff8557d3ff RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff888097a62000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe00000d8000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe00000d6000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00000000f5075528 CR3=000000006ac05000 CR4=00352ef0 DR0=0000000000000008 DR1=00000000000000ff DR2=fffffffffffffffb DR3=3e00000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000002 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000d000000000 0000000200000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000