last executing test programs: 6.943431801s ago: executing program 1 (id=2759): bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={0x0, 0xffffffffffffffff, 0x0, 0x9}, 0x18) r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$devlink(&(0x7f0000000040), r0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0xe4b, 0x11e41e7a, 0x20000000, 0x3, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x2}}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000380)=0x34) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0xa9dd000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000840)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg$ETHTOOL_MSG_FEATURES_SET(r0, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000640)={0x0, 0x40}}, 0x0) r4 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100), 0x800, 0x0) ioctl$TIOCSETD(r4, 0x5423, &(0x7f0000000040)=0x14) ioctl$TIOCSETD(r4, 0x5423, &(0x7f00000001c0)=0x1) r5 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="02000000040000000800000001", @ANYRES8=r2, @ANYRESHEX=r2], 0x48) r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x1f, 0x18, &(0x7f00000003c0)=ANY=[@ANYBLOB="180000000000000000000000000000a234010000d800c18112ec0914002020070000000000000000bfa100000000000007010000f8ffffffb70200b484000000b70300000e0000008500000006000000b7080000005d05c0a8eb7e6a444caa619ea4fc92fb0000007baa44b10b9b515c0c37fc2dc3aa366ef8ff00000000b50800000000ab4fce7c31b549b9ac078000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007048500f0ffffffb702000008000000", @ANYRES32=r5, @ANYBLOB="00f2000000000000b70500000809000085008128adbbe6ac090a6623819774fc320000a700000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x32, '\x00', 0x0, @fallback=0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x94) bpf$PROG_BIND_MAP(0xa, &(0x7f0000000000)={r6}, 0xc) r7 = socket$netlink(0x10, 0x3, 0x4) setsockopt$netlink_NETLINK_PKTINFO(r7, 0x10e, 0x3, &(0x7f00000000c0)=0x3, 0x4) writev(r7, &(0x7f0000000100)=[{&(0x7f0000000000)="580000001400192340834b80043f679a10ff3d425f9cc3f4ff7f4e32f61bcdf1e422000000000100804824cabecc4b381eaadc28f23457e792945f64009400050028925aaa000000c600000000000000feff2c707f8f00ff", 0x58}], 0x1) r8 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r8, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_MSG_GETOBJ(r8, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000280)=ANY=[@ANYBLOB="34000000130a0300000000000000000002000000090002007379c4310000800008000340000000010900010073797a30"], 0x34}}, 0x4000040) 4.869436535s ago: executing program 2 (id=2766): r0 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f00000000c0)={'wpan4\x00', 0x0}) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$ieee802154(&(0x7f00000000c0), r2) ioctl$sock_SIOCGIFINDEX_802154(r2, 0x8933, &(0x7f0000000100)={'wpan0\x00', 0x0}) sendmsg$IEEE802154_LLSEC_DEL_SECLEVEL(r2, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f00000003c0)={0x34, r3, 0x1, 0x70bd2c, 0x25dfdbfc, {}, [@IEEE802154_ATTR_DEV_INDEX={0x8, 0x2, r4}, @IEEE802154_ATTR_LLSEC_SECLEVELS={0x5, 0x35, 0x8}, @IEEE802154_ATTR_LLSEC_DEV_OVERRIDE={0x5, 0x36, 0x1}, @IEEE802154_ATTR_LLSEC_FRAME_TYPE={0x5, 0x33, 0x9}]}, 0x34}, 0x1, 0x0, 0x0, 0x40111}, 0x20000004) r5 = openat$ptmx(0xffffffffffffff9c, 0x0, 0x60081, 0x0) ioctl$TIOCSETD(r5, 0x5423, &(0x7f0000000000)=0x15) ioctl$TCSETS(r5, 0x404c4701, &(0x7f0000000040)={0x1, 0x0, 0x2000, 0x400000, 0x14, "3eccd8000000000000000010000000040100ff"}) ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'wpan0\x00', 0x0}) sendmsg$IEEE802154_LLSEC_DEL_DEV(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000200)={&(0x7f0000000280)=ANY=[@ANYBLOB="4f919d50f749fd695666337bf3cbdcee6a7d6ec714", @ANYRES16, @ANYBLOB="240c28bd7000fbdbdf252b0000000c0005000201aaaaaaaaaaaa08000200", @ANYRES32=r1, @ANYBLOB="08000200", @ANYRES32=r4, @ANYBLOB="0a0001007770616e340000000a0001007770616e3400000008", @ANYRES32=r6, @ANYBLOB], 0x50}, 0x1, 0x0, 0x0, 0x4}, 0x48084) ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f0000000140)={'wpan0\x00', 0x0}) sendmsg$NL802154_CMD_DEL_SEC_DEVKEY(0xffffffffffffffff, &(0x7f0000000e40)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000180)=ANY=[@ANYBLOB='l\x00\x00\x00', @ANYRES16=r0, @ANYBLOB="010025bd7000fbdbdf251e00000008000300", @ANYRES32=r7, @ANYBLOB="50002f800c0002000300"/19, @ANYRES8=r2], 0x6c}, 0x1, 0x0, 0x0, 0x20000041}, 0x0) 4.864224512s ago: executing program 3 (id=2767): r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4) r1 = socket(0xa, 0x801, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x70bd2d, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x2, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x6}]}, {0x4}, {0xc, 0x7, {0x1}}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r5 = creat(&(0x7f0000000340)='./file0\x00', 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) write(r7, &(0x7f0000000340), 0x11000) vmsplice(r6, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) ptrace(0x10, 0x0) mq_notify(r5, &(0x7f0000000000)={0x110c230000, 0x7, 0x1, @tid=r2}) sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0xc000) getsockopt(r1, 0x0, 0x40, &(0x7f0000b3ffac)=""/84, &(0x7f0000001ffc)=0x54) connect$inet(r0, &(0x7f0000000140)={0x2, 0x0, @remote}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000000), 0x20000328) 4.781926894s ago: executing program 2 (id=2768): openat$mixer(0xffffffffffffff9c, &(0x7f0000000080), 0x2401, 0x0) fsopen(0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f00000000c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41100, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000340)=@abs={0x0, 0x0, 0x4e23}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = openat$dsp1(0xffffffffffffff9c, &(0x7f0000000000), 0x40, 0x0) ioctl$SNDCTL_DSP_CHANNELS(r3, 0xc0045006, 0x0) mkdir(&(0x7f0000000400)='./file0\x00', 0x103) socket(0x10, 0x0, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r4, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0xc000}, 0x0) mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000040)='tmpfs\x00', 0x9100c0, &(0x7f0000000280)='\x00\xdc\xb4\x03j8L\xa8\x8bT \x8c\xbf\x81`') r5 = socket$nl_netfilter(0x10, 0x3, 0xc) r6 = fsopen(&(0x7f0000000100)='binder\x00', 0x0) r7 = landlock_create_ruleset(&(0x7f00000000c0)={0x4302}, 0x18, 0x0) landlock_restrict_self(r7, 0x0) fsconfig$FSCONFIG_CMD_CREATE(r6, 0x6, 0x0, 0x0, 0x0) fsmount(r6, 0x0, 0x74) sendmsg$NFT_BATCH(r5, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000000c0)=ANY=[@ANYBLOB], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r5, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000680)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a3c000000120a01020000000000000000020000000900020073797a310000000008000440000000000900010073797a3000000000080003400000000a14000000110001"], 0x64}}, 0x0) 4.692464682s ago: executing program 0 (id=2769): mkdir(&(0x7f0000000080)='./file1\x00', 0x0) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000140)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x3f8, 0x0, 0x32}, 0x9c) bind$inet6(r0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x11, 0x0, 0x0, &(0x7f0000000080)='GPL\x00', 0x5, 0x0, 0x0, 0x0, 0x68, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffc}, 0x94) setfsuid(0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={0x0, 0x104}}, 0x0) getsockopt$inet_opts(0xffffffffffffffff, 0x0, 0x9, 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000240), 0x80200, 0x0) r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r3 = socket$phonet_pipe(0x23, 0x5, 0x2) r4 = socket$inet_smc(0x2b, 0x1, 0x0) setsockopt$IP_VS_SO_SET_STARTDAEMON(r4, 0x0, 0x48b, &(0x7f0000000100)={0x1, 'geneve0\x00', 0x2a32}, 0x18) getsockopt$IP_VS_SO_GET_DAEMON(r4, 0x0, 0x487, &(0x7f00000001c0), &(0x7f0000000200)=0x30) connect$phonet_pipe(r3, 0x0, 0x0) socket$key(0xf, 0x3, 0x2) sendmsg$IPCTNL_MSG_EXP_NEW(0xffffffffffffffff, &(0x7f0000000440)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[@ANYBLOB="50000000000201020000000000000000020000090800044000000008080008400000000208000440000000021c000a800800014000000001692701400000000108000140000000000800084000000002"], 0x50}, 0x1, 0x0, 0x0, 0x41}, 0x4000880) madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa) modify_ldt$write(0x1, &(0x7f0000000140)={0x7, 0xffffffffffffffff, 0x2000, 0x1, 0x2, 0x0, 0x0, 0x0, 0x1, 0x1}, 0x10) socket$nl_generic(0x10, 0x3, 0x10) syz_clone(0x620c0540, 0x0, 0x0, 0x0, 0x0, 0x0) msgget(0x1, 0x240) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[], 0x0, 0x4a, 0x0, 0x4}, 0x28) 4.326149111s ago: executing program 1 (id=2770): bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={0x0, 0xffffffffffffffff, 0x0, 0x9}, 0x18) r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$devlink(&(0x7f0000000040), r0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0xe4b, 0x11e41e7a, 0x20000000, 0x3, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x2}}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000380)=0x34) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0xa9dd000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000840)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg$ETHTOOL_MSG_FEATURES_SET(r0, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000640)={0x0, 0x40}}, 0x0) r4 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100), 0x800, 0x0) ioctl$TIOCSETD(r4, 0x5423, &(0x7f0000000040)=0x14) ioctl$TIOCSETD(r4, 0x5423, &(0x7f00000001c0)=0x1) r5 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="02000000040000000800000001", @ANYRES8=r2, @ANYRESHEX=r2], 0x48) r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x1f, 0x18, &(0x7f00000003c0)=ANY=[@ANYBLOB="180000000000000000000000000000a234010000d800c18112ec0914002020070000000000000000bfa100000000000007010000f8ffffffb70200b484000000b70300000e0000008500000006000000b7080000005d05c0a8eb7e6a444caa619ea4fc92fb0000007baa44b10b9b515c0c37fc2dc3aa366ef8ff00000000b50800000000ab4fce7c31b549b9ac078000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007048500f0ffffffb702000008000000", @ANYRES32=r5, @ANYBLOB="00f2000000000000b70500000809000085008128adbbe6ac090a6623819774fc320000a700000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x32, '\x00', 0x0, @fallback=0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x94) bpf$PROG_BIND_MAP(0xa, &(0x7f0000000000)={r6}, 0xc) r7 = socket$netlink(0x10, 0x3, 0x4) setsockopt$netlink_NETLINK_PKTINFO(r7, 0x10e, 0x3, &(0x7f00000000c0)=0x3, 0x4) writev(r7, &(0x7f0000000100)=[{&(0x7f0000000000)="580000001400192340834b80043f679a10ff3d425f9cc3f4ff7f4e32f61bcdf1e422000000000100804824cabecc4b381eaadc28f23457e792945f64009400050028925aaa000000c600000000000000feff2c707f8f00ff", 0x58}], 0x1) r8 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r8, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_MSG_GETOBJ(r8, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000280)=ANY=[@ANYBLOB="34000000130a0300000000000000000002000000090002007379c4310000800008000340000000010900010073797a30"], 0x34}}, 0x4000040) 4.080953154s ago: executing program 0 (id=2771): r0 = userfaultfd(0x80801) prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) ioctl$DRM_IOCTL_GET_CLIENT(0xffffffffffffffff, 0xc0286405, &(0x7f0000000000)={0x3, 0x2c, {0x0}, {0xee01}, 0x5, 0x1}) prlimit64(r1, 0x1, &(0x7f0000000140)={0x0, 0x8}, &(0x7f0000000200)) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) r2 = socket(0x2, 0x2, 0x1) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$bt_hci(r4, 0x84, 0x1, &(0x7f0000000080)=""/4076, &(0x7f00000010c0)=0xfec) cachestat(r4, &(0x7f0000001080)={0x5bac, 0x7fe}, &(0x7f0000001100), 0x0) connect$inet6(r3, &(0x7f0000000200)={0xa, 0x0, 0x0, @loopback}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r3, 0x6, 0x1f, &(0x7f00000000c0), 0x4) setsockopt$inet6_tcp_TLS_TX(r3, 0x11a, 0x1, &(0x7f0000000500)=@gcm_128={{0x304}, "a95972fc5ec50719", "8e0870e9a5e9c2f133d700", "6a3a05b9", "12772541f8eb02bb"}, 0x28) sendmsg$inet(r3, &(0x7f0000000680)={0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)=[@ip_tos_u8={{0xd, 0x11a, 0x1, 0xba}}, @ip_tos_u8={{0xd}}], 0x20}, 0x0) accept4(0xffffffffffffffff, &(0x7f00000000c0), &(0x7f0000000040)=0x80, 0x800) bind$rose(r2, &(0x7f0000000200)=@short={0xb, @dev={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, 0x1, @null}, 0x1c) openat$snapshot(0xffffffffffffff9c, &(0x7f00000002c0), 0x7e00, 0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0)) setsockopt$XDP_UMEM_REG(0xffffffffffffffff, 0x11b, 0x4, &(0x7f0000000000)={0xffffffffffffffff, 0x3000, 0x1000, 0x0, 0x1}, 0x20) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) r5 = syz_open_dev$vbi(&(0x7f0000000000), 0x0, 0x2) ioctl$VIDIOC_S_INPUT(r5, 0xc0045627, &(0x7f0000000100)=0x3) r6 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040), 0x8002, 0x0) write$P9_RSTATu(r6, &(0x7f00000004c0)={0x232, 0x7d, 0x0, {{0x500, 0xf1, 0x0, 0x5000000, {}, 0x0, 0x0, 0x0, 0x0, 0x1f, '\x04nodev{cvfox%\xff\xff\xff\x81\x02\x00\x00\x00\x00\x001\xff\xce\xbc\x92\x00\x00\x00', 0x38, 'pJ\x86\xce\xc6\"\x00}\xfag>\xff\xeb\t\xb51\x1f[\xde\x05@\x00\x00\x00\x00\x18{\x82\x00\xb5\x00/\xa9Y_\xcb\x14\x03CT\xb9\xfd\x9e\xf1\x96\xa5\x1c\xd5\x15z\xdc\x81\x01\x00\x00\x00', 0x12, '\xcf\xb6\x00'/18, 0x55, '\xf8\xf6i\xfbqm\xcf1^\xca\xf3\x85@\x9a\xc6[\x94\bg\x8c,;\x9e\x1dR\xc3l\xde{\xa4\xa4\x00\xb4\xb0\xb4\xf1t\xa6f\xa8R\x9aE\x1b4\a\xdb\xda\xb2\x88K\xaf\x05\x00\x00\x00\x00\x00\x00\x00G\xec!\xca\xbf\xf2\x0f\x9c\x1c\xbe6\xf4\xfd\x1aL\xc2\x80\xe8\xd4\x89\xdad\x9a7\x00'}, 0x12c, 'odev-n\xb1{#\x00\xf9\xda\xa5\xee#&n\xcf\x85\xfe\xa6^B\xd9y\xa3\xfd\xe5\xf4u\xda\xf0;\x11r\xd9{\xad\xc7\tZ\xfdv\xfeO\x04A\xf7\xf7t\x1e\xac\x03\x00\x00\xec\xff\x00\x00\xdb\xa0\xc2\xf7\xf0\x9f\xf5<~M\x1a\xd6n-\a\x01\x98\x01\x9f0\x11\x84G\xaa\x9at\xf5\x16\x85\xf5\x06\xae\x89H\x06\x87\x82g\xd5\xa1)\x8dy,J7\xf2\xe1\xcb\xbd$\x82\x92\x9a\r\x89r\xb5\xcfs.\xa5\xb0\xd7#\x85\x9d\xba?\x93\xae\xd3\xb4.\xe7\xca\xc0}\xe0\x9d\x1dh\xa6\x033\xa8\x82F}+1\xaa\xcd\xf9\x18\x85I\xb1\x12]lL\x9b\x18\xc2\xfbV\xc5}}\xc6&\xe49\a\x96\xa1\xebH\'Fi\xab\x13\xf8\xb1\x1d\x14`Y\xf3\x10\xe2cMY?\xece\xd5)\xf3\x82\x06fd\xdf$NL\x90W\np\x04\x9f9\x9f\x06\x1fu\xb7y|\xe1\xfe\x11\xea\x91\x96\t\xd5\x1aA\xdd=\xe3\x04\xbd|~\xd0\xa4V\xf0\xae\x12Qa\x05\xc9\xce\x88}\xf5\xa6\xe0\xb6\xa7}Yl\xf8\x8b\xa6\xe5\xc69|}P!\xd7\x98\x95(\xfd\x179\xe1\xc2\xd8\x7f\xff\x00'/300}}, 0x232) ioctl$VIDIOC_SUBDEV_S_DV_TIMINGS(r5, 0xc0845657, &(0x7f0000000040)={0x0, @bt={0x8af, 0x642, 0x1, 0x2, 0xd59f83, 0x19f4, 0x42, 0x4, 0x3, 0x3, 0x2800, 0x2800, 0x1, 0xba2, 0xd, 0x23, {0x8, 0xffffffff}, 0xd2, 0x1}}) ioctl$UFFDIO_COPY(r0, 0xc028aa03, &(0x7f0000000140)={&(0x7f000013e000/0x4000)=nil, &(0x7f000017e000/0x4000)=nil, 0x4000, 0x3}) 3.996245566s ago: executing program 0 (id=2772): bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="160000000000000004000000ff"], 0x48) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) socket$vsock_stream(0x28, 0x1, 0x0) r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(0x0, 0x2, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0/file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) ioctl$int_in(r0, 0x40000000af01, 0x0) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000400)={0x1d}) r3 = socket$inet_sctp(0x2, 0x1, 0x84) setsockopt$sock_linger(r2, 0x1, 0xd, &(0x7f00000000c0)={0x0, 0xe39}, 0x8) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r3, 0x84, 0x64, &(0x7f0000000440)=[@in6={0xa, 0x4e23, 0x1, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0x9}, @in6={0xa, 0x4e21, 0x3, @remote, 0x5}, @in={0x2, 0x4e23, @local}, @in6={0xa, 0x4e20, 0xa131, @local, 0x800}, @in6={0xa, 0x4e23, 0x14, @local, 0x9}], 0x80) r4 = fsopen(&(0x7f0000000280)='btrfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r4, 0x6, 0x0, 0x0, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0x26) r5 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) getdents64(r5, 0x0, 0x0) rename(&(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='./file0\x00') sendto$inet(r3, &(0x7f0000000180)="217aae", 0x3, 0x4040845, &(0x7f00000001c0)={0x2, 0x4e22, @remote}, 0x10) openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) 3.802673617s ago: executing program 3 (id=2773): bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={0x0, 0xffffffffffffffff, 0x0, 0x9}, 0x18) r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$devlink(&(0x7f0000000040), r0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0xe4b, 0x11e41e7a, 0x20000000, 0x3, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x2}}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000380)=0x34) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0xa9dd000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000840)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r4 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100), 0x800, 0x0) ioctl$TIOCSETD(r4, 0x5423, &(0x7f0000000040)=0x14) r5 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="02000000040000000800000001", @ANYRES8=r2, @ANYRESHEX=r2], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x1f, 0x18, &(0x7f00000003c0)=ANY=[@ANYBLOB="180000000000000000000000000000a234010000d800c18112ec0914002020070000000000000000bfa100000000000007010000f8ffffffb70200b484000000b70300000e0000008500000006000000b7080000005d05c0a8eb7e6a444caa619ea4fc92fb0000007baa44b10b9b515c0c37fc2dc3aa366ef8ff00000000b50800000000ab4fce7c31b549b9ac078000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007048500f0ffffffb702000008000000", @ANYRES32=r5, @ANYBLOB="00f2000000000000b70500000809000085008128adbbe6ac090a6623819774fc320000a700000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x32, '\x00', 0x0, @fallback=0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x94) r6 = socket$netlink(0x10, 0x3, 0x4) setsockopt$netlink_NETLINK_PKTINFO(r6, 0x10e, 0x3, &(0x7f00000000c0)=0x3, 0x4) writev(r6, &(0x7f0000000100)=[{&(0x7f0000000000)="580000001400192340834b80043f679a10ff3d425f9cc3f4ff7f4e32f61bcdf1e422000000000100804824cabecc4b381eaadc28f23457e792945f64009400050028925aaa000000c600000000000000feff2c707f8f00ff", 0x58}], 0x1) 3.63180668s ago: executing program 2 (id=2774): socket$nl_netfilter(0x10, 0x3, 0xc) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000140)={0x3, @pix={0x434c, 0x8, 0x584e4f53, 0x4, 0x2, 0x7, 0x0, 0x2f73, 0x1, 0x4, 0x2, 0x7}}) mknod(&(0x7f0000000080)='./bus\x00', 0xc000, 0x0) mount(&(0x7f0000000040)=@sg0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000180)='gfs2\x00', 0x80080, &(0x7f00000001c0)='discard') prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7ff, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0xf, 0x4, &(0x7f0000000340)=ANY=[@ANYBLOB="18000000000000000000000000000000730101000000000095"], &(0x7f0000000300)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x42, '\x00', 0x0, @cgroup_device=0x6, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, 0x0, 0x0) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) shutdown(r1, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x0, 0x0}, &(0x7f0000000180)=0xc) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x25, &(0x7f0000000280)={r2, @in={{0x2, 0x4e21, @empty}}, 0x0, 0x1, 0x0, 0x8}, 0x9c) ioctl$VHOST_SET_VRING_BASE(0xffffffffffffffff, 0xaf01, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x11, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000180)='sys_enter\x00', r3}, 0x10) epoll_pwait2(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) set_mempolicy(0x2, &(0x7f0000000080)=0x51e1, 0x3ff) r4 = openat(0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', 0x401c2, 0x0) ftruncate(r4, 0x8800000) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) recvmmsg(r5, &(0x7f00000034c0)=[{{0x0, 0x0, &(0x7f0000001e40)=[{&(0x7f0000000b80)=""/4096, 0x20001b80}, {&(0x7f0000001b80)=""/112, 0x70}], 0x2, 0x0, 0xa0028cb4}}], 0x40000000000013c, 0x700, 0x0) mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x6, 0x80012, r4, 0xfdcfd000) 3.292573962s ago: executing program 1 (id=2775): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r1 = dup(r0) write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c) r2 = syz_io_uring_setup(0x239, &(0x7f00000000c0)={0x0, 0x1ffffe, 0x10100, 0x0, 0xfffffffd, 0x0, r1}, &(0x7f0000000080)=0x0, &(0x7f0000000200)=0x0) syz_io_uring_submit(r3, r4, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd_index=0x4, 0x0, 0x0, 0x0, {0x230}}) r5 = socket$igmp(0x2, 0x3, 0x2) setsockopt$MRT_ADD_MFC_PROXY(r5, 0x0, 0xd2, &(0x7f0000000000)={@loopback, @multicast1, 0x4, "d30f388c52647612d91de4353d68b0fa00", 0x0, 0x0, 0x4000000, 0x8}, 0x3c) setsockopt$MRT_ADD_MFC(r5, 0x0, 0xcc, &(0x7f0000000280)={@broadcast, @multicast1, 0x0, "7ea97ddb2ac127ffa5b7216fe75ebaa2855a422a8bf8ec7caf003751804500", 0x0, 0x0, 0x4, 0xfffffffe}, 0x3c) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) bind$l2tp6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @empty}, 0x20) connect$l2tp6(0xffffffffffffffff, &(0x7f0000000f40)={0xa, 0x0, 0x0, @empty, 0x10}, 0x20) io_uring_enter(r1, 0x67d7, 0x99b, 0x42, &(0x7f0000000880)={[0x9, 0x5]}, 0x8) setsockopt$MRT_ADD_MFC(r5, 0x0, 0xcc, &(0x7f0000000200)={@empty, @private, 0x0, "606b177019716ea6ff1f4d7ed79c31e2e0f1da00000000230000002000", 0x3e1f}, 0x3c) r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) ioctl$KVM_SET_CPUID(0xffffffffffffffff, 0x4008ae8a, &(0x7f0000000180)) io_uring_enter(r2, 0x2ded, 0x4000, 0x0, 0x0, 0x0) close(0xffffffffffffffff) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000005c0)={r1, 0xe0, &(0x7f00000004c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0), ""/16, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, &(0x7f0000000240)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000380), 0x0, 0xcf, &(0x7f00000003c0), 0x0, 0x0, 0x0, &(0x7f0000000440), 0x8, 0xa6, 0x8, 0x8, &(0x7f0000000480)}}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x10, 0x9, &(0x7f00000002c0)=@raw=[@exit, @map_idx={0x18, 0x1, 0x5, 0x0, 0x5}, @tail_call, @call={0x85, 0x0, 0x0, 0xcd}], &(0x7f0000000140)='GPL\x00', 0x2, 0x0, 0x0, 0x41000, 0x5e, '\x00', r7, @fallback=0x23, 0xffffffffffffffff, 0x8, &(0x7f0000000680)={0x5, 0x3}, 0x8, 0x10, &(0x7f00000006c0)={0x3, 0x7, 0xa, 0x401}, 0x10, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000700)=[r1, r1, r1, r1], &(0x7f0000000740)=[{0x3, 0x4, 0xe, 0x3}, {0x4, 0x1, 0x9, 0x1}, {0x1, 0x1, 0xe, 0x9}, {0x0, 0x5, 0x10, 0x7}, {0x3, 0x3, 0xe, 0x4}, {0x2, 0x1, 0x7, 0x12}, {0x4, 0x1, 0x1, 0xa}, {0x1, 0x3, 0x7, 0xa}], 0x10, 0xffffff7f}, 0x94) syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x1a3c82) syz_open_dev$sg(&(0x7f0000000280), 0x0, 0x0) 2.926285451s ago: executing program 0 (id=2776): r0 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f00000000c0)={'wpan4\x00', 0x0}) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$ieee802154(&(0x7f00000000c0), r2) ioctl$sock_SIOCGIFINDEX_802154(r2, 0x8933, &(0x7f0000000100)={'wpan0\x00', 0x0}) sendmsg$IEEE802154_LLSEC_DEL_SECLEVEL(r2, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f00000003c0)={0x34, r3, 0x1, 0x70bd2c, 0x25dfdbfc, {}, [@IEEE802154_ATTR_DEV_INDEX={0x8, 0x2, r4}, @IEEE802154_ATTR_LLSEC_SECLEVELS={0x5, 0x35, 0x8}, @IEEE802154_ATTR_LLSEC_DEV_OVERRIDE={0x5, 0x36, 0x1}, @IEEE802154_ATTR_LLSEC_FRAME_TYPE={0x5, 0x33, 0x9}]}, 0x34}, 0x1, 0x0, 0x0, 0x40111}, 0x20000004) r5 = openat$ptmx(0xffffffffffffff9c, 0x0, 0x60081, 0x0) ioctl$TIOCSETD(r5, 0x5423, &(0x7f0000000000)=0x15) ioctl$TCSETS(r5, 0x404c4701, &(0x7f0000000040)={0x1, 0x0, 0x2000, 0x400000, 0x14, "3eccd8000000000000000010000000040100ff"}) ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'wpan0\x00', 0x0}) sendmsg$IEEE802154_LLSEC_DEL_DEV(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000200)={&(0x7f0000000280)=ANY=[@ANYBLOB="4f919d50f749fd695666337bf3cbdcee6a7d6ec714", @ANYRES16, @ANYBLOB="240c28bd7000fbdbdf252b0000000c0005000201aaaaaaaaaaaa08000200", @ANYRES32=r1, @ANYBLOB="08000200", @ANYRES32=r4, @ANYBLOB="0a0001007770616e340000000a0001007770616e34000000080002", @ANYRES32=r6, @ANYBLOB], 0x50}, 0x1, 0x0, 0x0, 0x4}, 0x48084) ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f0000000140)={'wpan0\x00', 0x0}) sendmsg$NL802154_CMD_DEL_SEC_DEVKEY(0xffffffffffffffff, &(0x7f0000000e40)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000180)=ANY=[@ANYBLOB='l\x00\x00\x00', @ANYRES16=r0, @ANYBLOB="010025bd7000fbdbdf251e00000008000300", @ANYRES32=r7, @ANYBLOB="50002f800c0002000300"/19, @ANYRES8=r2], 0x6c}, 0x1, 0x0, 0x0, 0x20000041}, 0x0) 2.875925811s ago: executing program 3 (id=2777): r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$sock_bt_hci(r0, 0x800448d2, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f0000000500), 0x8200, 0x0) ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000140)={0x2, @pix_mp={0x0, 0x0, 0x34324152, 0x0, 0xb, [{}, {}, {0x3}, {}, {}, {}, {}, {0x0, 0xfffffffe}]}}) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x2, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) keyctl$KEYCTL_PKEY_ENCRYPT(0x19, 0x0, 0x0, 0x0, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) sendmsg$IPSET_CMD_DESTROY(0xffffffffffffffff, 0x0, 0x0) read$msr(r1, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000240)='clear_refs\x00') sendmsg$RDMA_NLDEV_CMD_NEWLINK(r2, &(0x7f0000000480)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000400)=ANY=[@ANYBLOB="38000000031404002ab1000f4938c29ebda883bd7000ffdbdf250900020073797a32000000000800410073697700140033"], 0x38}, 0x1, 0x0, 0x0, 0x8000}, 0x4000) writev(r2, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) prctl$PR_SET_SECUREBITS(0x1c, 0x1d) setresuid(0x0, 0xee00, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000340)={'bridge0\x00'}) r4 = socket(0x10, 0x80002, 0x0) connect$inet6(r4, 0x0, 0x0) sendmsg$nl_route(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="44000000130029", @ANYRESHEX=r2], 0x44}}, 0x0) r5 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$binfmt_aout(r5, &(0x7f0000000340)=ANY=[], 0xff2e) ioctl$TCXONC(r5, 0x540a, 0x2) ioctl$TIOCSETD(r5, 0x5423, &(0x7f0000000100)) ioctl$USBDEVFS_REAPURB(0xffffffffffffffff, 0x4004550c, &(0x7f0000000040)) syz_open_dev$usbfs(&(0x7f0000000080), 0x74, 0x101301) 2.8739032s ago: executing program 0 (id=2778): syz_usb_control_io$uac1(0xffffffffffffffff, 0x0, &(0x7f0000000580)={0x24, &(0x7f0000000040)=ANY=[@ANYBLOB=' '], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) fsopen(&(0x7f0000000100)='udf\x00', 0x0) syz_emit_ethernet(0x46, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaaaaffffffffffff86dd6016000000102b00fc0100000000000000e2ff0000000000fe80000000000000"], 0x0) connect$l2tp6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @empty, 0xa, 0x4}, 0x20) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0) sendmsg$IPVS_CMD_NEW_DAEMON(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000080)=ANY=[@ANYBLOB="0100000000000000000009000000300003801400020073"], 0x44}}, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f00000000c0)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x6, 0xba, &(0x7f0000000140)=""/186, 0x41100, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000300)='tlb_flush\x00'}, 0x18) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) madvise(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0xe) mlock(&(0x7f0000c00000/0x400000)=nil, 0x400000) 2.66849313s ago: executing program 2 (id=2779): mkdir(&(0x7f0000000080)='./file1\x00', 0x0) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000140)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x3f8, 0x0, 0x32}, 0x9c) bind$inet6(r0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x11, 0x0, 0x0, &(0x7f0000000080)='GPL\x00', 0x5, 0x0, 0x0, 0x0, 0x68, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffc}, 0x94) setfsuid(0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000640)=ANY=[], 0x104}}, 0x0) getsockopt$inet_opts(0xffffffffffffffff, 0x0, 0x9, 0x0, 0x0) sched_setscheduler(0x0, 0x1, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000240), 0x80200, 0x0) r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r3 = socket$phonet_pipe(0x23, 0x5, 0x2) r4 = socket$inet_smc(0x2b, 0x1, 0x0) setsockopt$IP_VS_SO_SET_STARTDAEMON(r4, 0x0, 0x48b, &(0x7f0000000100)={0x1, 'geneve0\x00', 0x2a32}, 0x18) getsockopt$IP_VS_SO_GET_DAEMON(r4, 0x0, 0x487, &(0x7f00000001c0), &(0x7f0000000200)=0x30) connect$phonet_pipe(r3, 0x0, 0x0) socket$key(0xf, 0x3, 0x2) sendmsg$IPCTNL_MSG_EXP_NEW(0xffffffffffffffff, &(0x7f0000000440)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[@ANYBLOB="50000000000201020000000000000000020000090800044000000008080008400000000208000440000000021c000a800800014000000001692701400000000108000140000000000800084000000002"], 0x50}, 0x1, 0x0, 0x0, 0x41}, 0x4000880) madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa) modify_ldt$write(0x1, &(0x7f0000000140)={0x7, 0xffffffffffffffff, 0x2000, 0x1, 0x2, 0x0, 0x0, 0x0, 0x1, 0x1}, 0x10) socket$nl_generic(0x10, 0x3, 0x10) syz_clone(0x620c0540, 0x0, 0x0, 0x0, 0x0, 0x0) msgget(0x1, 0x240) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[], 0x0, 0x4a, 0x0, 0x4}, 0x28) 2.668012553s ago: executing program 3 (id=2780): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000e8ffffff850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10) r1 = socket$inet6_mptcp(0xa, 0x1, 0x106) setsockopt$inet6_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000080)='cdg\x00', 0x4) bind$inet6(r1, &(0x7f0000000000)={0xa, 0x3, 0x0, @loopback}, 0x1c) connect$inet6(r1, &(0x7f0000000040)={0xa, 0x3, 0x0, @loopback}, 0x1c) setsockopt$inet6_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000180)='bbr\x00', 0x4) fsopen(&(0x7f00000000c0)='hfs\x00', 0x0) r2 = socket(0x10, 0x803, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r3 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r4 = dup(r3) write$6lowpan_enable(r4, &(0x7f0000000000)='0', 0xfffffd2c) ioctl$vim2m_VIDIOC_G_FMT(0xffffffffffffffff, 0xc0cc5604, &(0x7f00000003c0)={0x386db4e99dc99fb8, @pix_mp={0xca, 0x5, 0x3231564e, 0x8, 0x5, [{0x2, 0x7}, {0x2, 0x7}, {0x3, 0x9}, {0x0, 0x401}, {0x2, 0xd9}, {0x1, 0x10}, {0x80000000, 0x7}, {0xd0000000, 0xb552}], 0xb, 0x9, 0x2, 0x0, 0x4}}) ioctl$sock_ipv6_tunnel_SIOCGET6RD(r2, 0x89f8, &(0x7f00000004c0)={'sit0\x00', &(0x7f00000002c0)={'syztnl2\x00', 0x0, 0x700, 0x80, 0xd, 0x11, {{0x9, 0x4, 0x1, 0x2, 0x24, 0x64, 0x0, 0x2, 0x5549ca03dbffd6cb, 0x0, @remote, @rand_addr=0x64010100, {[@generic={0x82, 0xd, "caec392d6b0ef1b412848b"}, @noop, @noop]}}}}}) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYRESDEC=r4], 0x1c}}, 0x0) socket$packet(0x11, 0x3, 0x300) socket$inet_smc(0x2b, 0x1, 0x0) r5 = syz_open_dev$ndb(&(0x7f0000000040), 0x0, 0x14d002) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000000)={0x1b, 0x0, 0x0, 0x400000, 0x0, 0xffffffffffffffff, 0x7ee, '\x00', 0x0, 0xffffffffffffffff, 0x4, 0x4}, 0x50) ioctl$NBD_SET_SOCK(r5, 0xab00, r6) 2.230621525s ago: executing program 2 (id=2781): r0 = syz_open_dev$admmidi(&(0x7f0000000140), 0x20, 0x0) io_setup(0x3, &(0x7f0000000180)=0x0) syz_open_procfs$namespace(0x0, &(0x7f0000000000)='ns/mnt\x00') r2 = creat(&(0x7f0000000200)='./file0\x00', 0x20) r3 = socket(0xa, 0x3, 0x3a) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x6, 0x8, &(0x7f0000006680)) pipe2$9p(&(0x7f0000000980), 0x0) setsockopt$MRT6_DEL_MIF(r3, 0x29, 0xc8, 0x0, 0xc000000) syz_emit_ethernet(0x6a, &(0x7f00000003c0)={@link_local, @dev, @val={@void}, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "f57a14", 0x30, 0x3a, 0x0, @remote, @mcast2, {[], @param_prob={0x4, 0x1, 0x0, 0x0, {0x0, 0x6, "508359", 0x0, 0x0, 0x0, @private1, @ipv4={'\x00', '\xff\xff', @initdev={0xac, 0x1e, 0x0, 0x0}}}}}}}}}, 0x0) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000800)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000070000000900010073797a30000000003c000000090a010400000000000000000700000008000a40000000000900020073797a31000000000900010073797a30000000000800054000000021840000000c0a0101000000000000d955070000000900020073797a31000000000900010073797a30000000005800038054000080080003400000000248000b80340001800a0001006c696d69740000002400028008000440", @ANYRES32], 0x108}, 0x1, 0x0, 0x0, 0x2406c005}, 0x0) close(r2) r5 = openat$rtc(0xffffffffffffff9c, &(0x7f00000000c0), 0x402, 0x0) mount$9p_fd(0x0, &(0x7f0000000240)='./file0\x00', &(0x7f0000000040), 0x10, &(0x7f0000000680)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r2, @ANYBLOB=',wfdno=', @ANYRESHEX=r5]) io_submit(r1, 0x1, &(0x7f0000000100)=[&(0x7f0000000080)={0x0, 0x0, 0x0, 0x5, 0x101, r0, &(0x7f00000001c0)="24eb573fbdbf3a7bf7839cd7eb462bc75d403a677797f4619a4f87d74e033b0cfba6a307e5d9474eda1d775215b8be6b948ae734c53ae680ffaba2f6682135af570fd5c8ac8843a033b77931e56c268b23f5aac17cbf3b7d44107a16e8eddaf78001eb1300fbbecdd1d3aaba497171d1e32e4c7ba1645b03e81eacd45541db53b5c16bbeb1fe5823d46c67337487122745c0753191b225a3beaaea6ee431094ed61075f79ab20ce96a845cf57da09788eb313bc866e3c185c17b16236d0ca275a9bfe76e95425a5a41b15d1adc5c46", 0xcf, 0x8, 0x0, 0x1, r2}]) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040), 0x1e4011, 0x0) 2.224147921s ago: executing program 1 (id=2782): r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4) r1 = socket(0xa, 0x801, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x70bd2d, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x2, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x6}]}, {0x4}, {0xc, 0x7, {0x1}}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r5 = creat(&(0x7f0000000340)='./file0\x00', 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) write(r7, &(0x7f0000000340), 0x11000) vmsplice(r6, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) ptrace(0x10, 0x0) mq_notify(r5, &(0x7f0000000000)={0x110c230000, 0x7, 0x1, @tid=r2}) sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0xc000) getsockopt(r1, 0x0, 0x40, &(0x7f0000b3ffac)=""/84, &(0x7f0000001ffc)=0x54) connect$inet(r0, &(0x7f0000000140)={0x2, 0x0, @remote}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000000), 0x20000328) 1.718931117s ago: executing program 3 (id=2783): socket$nl_netfilter(0x10, 0x3, 0xc) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000140)={0x3, @pix={0x434c, 0x8, 0x584e4f53, 0x4, 0x2, 0x7, 0x0, 0x2f73, 0x1, 0x4, 0x2, 0x7}}) mount(&(0x7f0000000040)=@sg0, 0x0, &(0x7f0000000180)='gfs2\x00', 0x80080, &(0x7f00000001c0)='discard') prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7ff, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0xf, 0x4, 0x0, &(0x7f0000000300)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x42, '\x00', 0x0, @cgroup_device=0x6, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x0, 0x0}, &(0x7f0000000180)=0xc) ioctl$VHOST_SET_VRING_BASE(0xffffffffffffffff, 0xaf01, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x11, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) epoll_pwait2(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) set_mempolicy(0x2, &(0x7f0000000080)=0x51e1, 0x3ff) r2 = openat(0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', 0x401c2, 0x0) ftruncate(r2, 0x8800000) socketpair$nbd(0x1, 0x1, 0x0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000034c0)=[{{0x0, 0x0, &(0x7f0000001e40)=[{&(0x7f0000000b80)=""/4096, 0x1000}], 0x1}}], 0x1, 0x700, 0x0) mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x6, 0x80012, r2, 0xfdcfd000) 1.282968785s ago: executing program 1 (id=2784): bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={0x0, 0xffffffffffffffff, 0x0, 0x9}, 0x18) r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$devlink(&(0x7f0000000040), r0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0xe4b, 0x11e41e7a, 0x20000000, 0x3, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x2}}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000380)=0x34) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0xa9dd000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000080)='sched_switch\x00'}, 0x10) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg$ETHTOOL_MSG_FEATURES_SET(r0, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000640)={0x0, 0x40}}, 0x0) r4 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100), 0x800, 0x0) ioctl$TIOCSETD(r4, 0x5423, &(0x7f0000000040)=0x14) r5 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="02000000040000000800000001", @ANYRES8=r2, @ANYRESHEX=r2], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x1f, 0x18, &(0x7f00000003c0)=ANY=[@ANYBLOB="180000000000000000000000000000a234010000d800c18112ec0914002020070000000000000000bfa100000000000007010000f8ffffffb70200b484000000b70300000e0000008500000006000000b7080000005d05c0a8eb7e6a444caa619ea4fc92fb0000007baa44b10b9b515c0c37fc2dc3aa366ef8ff00000000b50800000000ab4fce7c31b549b9ac078000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007048500f0ffffffb702000008000000", @ANYRES32=r5, @ANYBLOB="00f2000000000000b70500000809000085008128adbbe6ac090a6623819774fc320000a700000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x32, '\x00', 0x0, @fallback=0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x94) r6 = socket$netlink(0x10, 0x3, 0x4) writev(r6, &(0x7f0000000100)=[{&(0x7f0000000000)="580000001400192340834b80043f679a10ff3d425f9cc3f4ff7f4e32f61bcdf1e422000000000100804824cabecc4b381eaadc28f23457e792945f64009400050028925aaa000000c600000000000000feff2c707f8f00ff", 0x58}], 0x1) 1.182641853s ago: executing program 0 (id=2785): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2}) r1 = socket(0x400000000010, 0x3, 0x0) close(0xffffffffffffffff) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x10500, 0x0) r2 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r3 = dup(r2) write$6lowpan_enable(r3, &(0x7f0000000000)='0', 0xfffffd2c) syz_io_uring_setup(0x49a, &(0x7f0000000400)={0x0, 0x79af, 0x3180, 0x7fff, 0x40024e, 0x0, r3}, 0x0, &(0x7f0000000040)) r4 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r4, &(0x7f0000000080)={0x1f, 0xffff, 0x3}, 0x6) write(r4, &(0x7f0000000000)="2e000300010002", 0x7) statx(r3, &(0x7f00000003c0)='./file0\x00', 0x0, 0x7ff, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$DRM_IOCTL_GET_CLIENT(0xffffffffffffffff, 0xc0186405, &(0x7f00000000c0)={0x5980e701, 0x5, {}, {r5}, 0x7, 0x7f}) mount$fuseblk(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140), 0x20408b3, &(0x7f0000000340)={{}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {'user_id', 0x3d, r5}, 0x2c, {'group_id', 0x3d, 0xee00}, 0x2c, {[{@max_read={'max_read', 0x3d, 0x40}}, {@max_read={'max_read', 0x3d, 0x800}}, {@allow_other}], [{@fscontext={'fscontext', 0x3d, 'staff_u'}}, {@obj_role={'obj_role', 0x3d, '/dev/vhost-net\x00'}}, {@mask={'mask', 0x3d, '^MAY_APPEND'}}, {@flag='sync'}]}}) r6 = openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) r7 = getuid() quotactl_fd$Q_GETNEXTQUOTA(r6, 0xffffffff80000901, r7, &(0x7f0000000380)) sendmsg$nl_xfrm(r1, &(0x7f0000000280)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000000240)={&(0x7f0000000600)=ANY=[@ANYBLOB="b8030000160000042cbd7000fcdbdf250a010102000000000000000000000000fe8000000000000000000000000000114e2000094e22000b0a00008008000000", @ANYRES32=0x0, @ANYRES32=r5, @ANYBLOB="00000000000000000000ffff7f000001000004d6ff000000ac1e0101000000000000000000000000080000000000000004000000000000000600000000000000010000000000000002000000000000000100008000000000090000000000000040000000000000000100000001000000c1000000000000000800000000000000010100000000000077060000ffffffff8f00000025bd7000023500000a0001a408000000090000000000008008001d0008000000a8000700fc000000000000000000000000000001ff0200000000000000000000000000014e2200044e2300000a00a0200a000000", @ANYRES32=0x0, @ANYRES32=r7, @ANYBLOB="09000000000000000100008000000000630c00000000000009000000000000000002000000000000800000000000000000000000000000000500000000000000100000000000000002000000000000000900000000000000030000000000000001000080b36b6e000200034e0c0015005c0735000300000008001d0002000000300017000500000027bd70002dbd70002bbd700025bd7000040000000600000003000000ff010000040000000100000034011100ac1e000100000000000000000000000000000000000000000000000000000000fe800000000000000000000000000019000000000000000000000000000000003c0200000435000002000200e000000100000000000000000000000000000000000000000000000000000000fc0100000000000000000000000000017f000001000000000000000000000000320200000235000002000200e0000001000000000000000000000000640101010000000000000000000000007f000001000000000000000000000000000000000000000000000000000000016c0200000735000002000000ac1414bb000000000000000000000000ac14141b00000000000000000000000020010000000000000000000000000001ffadfcb1ec00000000000000000000013c040000000000000a0002009c001100ffffffff00000000000000000000000000000000000000000000ffffac1414aa7f000001000000000000000000000000fe8800000000000000000000000001013c010000043500000a000a000a010102000000000000000000000000ac14142d00000000000000000000000000000000000000000000000000000000fe8000000000000000000000000000aa330100000335000002000a00"], 0x3b8}, 0x1, 0x0, 0x0, 0x20008010}, 0x800) openat$ptp0(0xffffffffffffff9c, &(0x7f0000000080), 0x8400, 0x0) r8 = openat$dsp1(0xffffff9c, &(0x7f0000000000), 0x2, 0x0) r9 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00') mount$9p_fd(0x0, &(0x7f0000000040)='.\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r8, @ANYBLOB=',wfdno=', @ANYRESHEX=r9]) r10 = socket$unix(0x1, 0x1, 0x0) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x100000a, 0x10010, r9, 0x26a6f000) ioctl$sock_SIOCGIFINDEX(r10, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x2c, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0xffffffff, {0x0, 0x0, 0x0, r11, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x1, 0xf}}, [@qdisc_kind_options=@q_mq={0x7}]}, 0x2c}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000300)=@newtfilter={0x60, 0x2c, 0xd27, 0x70bd28, 0x25dfdbfd, {0x0, 0x0, 0xb00, r11, {0x9, 0x7}, {}, {0xa, 0x1}}, [@filter_kind_options=@f_cgroup={{0xb}, {0x30, 0x2, [@TCA_CGROUP_EMATCHES={0x2c, 0x3, 0x0, 0x1, [@TCA_EMATCH_TREE_HDR={0x8, 0x1, {0xb}}, @TCA_EMATCH_TREE_LIST={0x20, 0x2, 0x0, 0x1, [@TCF_EM_IPSET={0x10, 0x1, 0x0, 0x0, {{0x874f, 0x8, 0x2}, {0x0, 0x3, 0x5}}}, @TCF_EM_IPT={0xc, 0x2, 0x0, 0x0, {{0x1000, 0x9, 0x3}}}]}]}]}}]}, 0x60}, 0x1, 0x0, 0x0, 0x90}, 0x40010) 1.150653542s ago: executing program 2 (id=2786): bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={0x0, 0xffffffffffffffff, 0x0, 0x9}, 0x18) r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$devlink(&(0x7f0000000040), r0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0xe4b, 0x11e41e7a, 0x20000000, 0x3, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x2}}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000380)=0x34) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0xa9dd000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000840)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r4 = socket$netlink(0x10, 0x3, 0x4) writev(r4, &(0x7f0000000100)=[{&(0x7f0000000000)="580000001400192340834b80043f679a10ff3d425f9cc3f4ff7f4e32f61bcdf1e422000000000100804824cabecc4b381eaadc28f23457e792945f64009400050028925aaa000000c600000000000000feff2c707f8f00ff", 0x58}], 0x1) 663.125895ms ago: executing program 3 (id=2787): mkdir(&(0x7f0000000080)='./file1\x00', 0x0) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000140)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x3f8, 0x0, 0x32}, 0x9c) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x11, 0x0, 0x0, &(0x7f0000000080)='GPL\x00', 0x5, 0x0, 0x0, 0x0, 0x68, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffc}, 0x94) setfsuid(0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000640)=ANY=[], 0x104}}, 0x0) getsockopt$inet_opts(0xffffffffffffffff, 0x0, 0x9, 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000240), 0x80200, 0x0) r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) socket$phonet_pipe(0x23, 0x5, 0x2) r3 = socket$inet_smc(0x2b, 0x1, 0x0) setsockopt$IP_VS_SO_SET_STARTDAEMON(r3, 0x0, 0x48b, &(0x7f0000000100)={0x1, 'geneve0\x00', 0x2a32}, 0x18) getsockopt$IP_VS_SO_GET_DAEMON(r3, 0x0, 0x487, &(0x7f00000001c0), &(0x7f0000000200)=0x30) socket$key(0xf, 0x3, 0x2) sendmsg$IPCTNL_MSG_EXP_NEW(0xffffffffffffffff, &(0x7f0000000440)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[@ANYBLOB="50000000000201020000000000000000020000090800044000000008080008400000000208000440000000021c000a800800014000000001692701400000000108000140000000000800084000000002"], 0x50}, 0x1, 0x0, 0x0, 0x41}, 0x4000880) madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa) modify_ldt$write(0x1, &(0x7f0000000140)={0x7, 0xffffffffffffffff, 0x2000, 0x1, 0x2, 0x0, 0x0, 0x0, 0x1, 0x1}, 0x10) socket$nl_generic(0x10, 0x3, 0x10) syz_clone(0x620c0540, 0x0, 0x0, 0x0, 0x0, 0x0) msgget(0x1, 0x240) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[], 0x0, 0x4a, 0x0, 0x4}, 0x28) 0s ago: executing program 1 (id=2788): socket$nl_generic(0x10, 0x3, 0x10) (async) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x1, 0x0, '\x00', 0x0, 0x0}, 0x48) (async) openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) (async) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000040)={0x1f, 0x2, &(0x7f0000001c40)=ANY=[@ANYBLOB="85000000a800000095"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x13}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000500)={r0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48) (async) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="02000000040000000600000006"], 0x66) (async) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0c000000040000000400000009"], 0x48) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000900)={0x0, 0x0, &(0x7f00000024c0), &(0x7f0000001280), 0xffffffff, r1}, 0x38) (async) bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, 0x7, r1}, 0x38) fsopen(0x0, 0x0) (async) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) (async) syz_usb_connect(0x2, 0x9a2, 0x0, 0x0) (async) r2 = syz_open_dev$sndmidi(&(0x7f00000002c0), 0x2, 0x141101) r3 = dup(r2) write$6lowpan_enable(r3, 0x0, 0x0) r4 = userfaultfd(0x80001) ioctl$UFFDIO_API(r4, 0xc018aa3f, &(0x7f0000000140)) (async) ioctl$UFFDIO_REGISTER(r4, 0xc020aa00, &(0x7f0000000080)={{&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x1}) madvise(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x19) (async) r5 = socket$alg(0x26, 0x5, 0x0) bind$alg(r5, 0x0, 0x0) (async) r6 = accept4(r5, 0x0, 0x0, 0x0) ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(r6, 0x89f3, &(0x7f0000000640)={'tunl0\x00', &(0x7f0000000540)={'erspan0\x00', 0x0, 0x80, 0x7800, 0x2, 0x63, {{0x6, 0x4, 0x1, 0x5, 0x18, 0x67, 0x0, 0x3, 0x4, 0x0, @empty, @initdev={0xac, 0x1e, 0x9, 0x0}, {[@generic={0xc8, 0x2}]}}}}}) (async) r7 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_UMEM_REG(r7, 0x11b, 0x4, &(0x7f0000000340)={&(0x7f0000000000)=""/57, 0x1304000, 0x800, 0xfffffffe, 0x1}, 0x1c) (async) ioctl$UFFDIO_COPY(r4, 0xc028aa05, &(0x7f0000000040)={&(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000000/0x3000)=nil, 0x3000}) (async) socket$kcm(0x29, 0x0, 0x0) (async) sendmsg$NL80211_CMD_JOIN_IBSS(r6, &(0x7f0000000480)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000440)={&(0x7f00000003c0)={0x30, 0x0, 0x200, 0x70bd28, 0x25dfdbfe, {{}, {@val={0x8}, @val={0xc, 0x99, {0x9, 0x17}}}}, [@NL80211_ATTR_FREQ_FIXED={0x4}, @NL80211_ATTR_FREQ_FIXED={0x4}]}, 0x30}, 0x1, 0x0, 0x0, 0x40}, 0x4000000) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0006}]}) kernel console output (not intermixed with test programs): 28] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 509.515495][T13228] ? find_held_lock+0x2b/0x80 [ 509.515506][T13228] ? hook_file_ioctl_common+0x145/0x410 [ 509.515520][T13228] ? __fget_files+0x20e/0x3c0 [ 509.515534][T13228] ? __fput_deferred+0x440/0x480 [ 509.515547][T13228] security_file_ioctl_compat+0x9b/0x240 [ 509.515565][T13228] __ia32_compat_sys_ioctl+0xc3/0x370 [ 509.515581][T13228] __do_fast_syscall_32+0x7c/0x3a0 [ 509.515599][T13228] do_fast_syscall_32+0x32/0x80 [ 509.515615][T13228] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 509.515628][T13228] RIP: 0023:0xf7f63579 [ 509.515637][T13228] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 509.515648][T13228] RSP: 002b:00000000f508655c EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 509.515658][T13228] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000004008af04 [ 509.515664][T13228] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 509.515670][T13228] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 509.515676][T13228] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 509.515683][T13228] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 509.515696][T13228] [ 509.515707][T13228] ERROR: Out of memory at tomoyo_realpath_from_path. [ 510.583775][T13257] overlayfs: option "index=on" is useless in a non-upper mount, ignore [ 510.592689][T13257] overlayfs: NFS export requires "redirect_dir=nofollow" on non-upper mount, falling back to nfs_export=off. [ 510.597011][T13257] overlayfs: missing 'lowerdir' [ 511.262253][T13270] bond0: (slave rose0): Error: Device is in use and cannot be enslaved [ 511.423617][T13273] netlink: 64 bytes leftover after parsing attributes in process `syz.1.1903'. [ 511.453363][T13275] FAULT_INJECTION: forcing a failure. [ 511.453363][T13275] name failslab, interval 1, probability 0, space 0, times 0 [ 511.457236][T13275] CPU: 3 UID: 0 PID: 13275 Comm: syz.1.1904 Not tainted 6.16.0-rc4-syzkaller-00013-g66701750d556 #0 PREEMPT(full) [ 511.457252][T13275] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 511.457259][T13275] Call Trace: [ 511.457263][T13275] [ 511.457272][T13275] dump_stack_lvl+0x16c/0x1f0 [ 511.457292][T13275] should_fail_ex+0x512/0x640 [ 511.457307][T13275] ? kmem_cache_alloc_node_noprof+0x5e/0x3b0 [ 511.457325][T13275] should_failslab+0xc2/0x120 [ 511.457335][T13275] kmem_cache_alloc_node_noprof+0x71/0x3b0 [ 511.457350][T13275] ? __pfx_tcp_current_mss+0x10/0x10 [ 511.457365][T13275] ? unwind_get_return_address+0x59/0xa0 [ 511.457381][T13275] ? __alloc_skb+0x2b2/0x380 [ 511.457398][T13275] __alloc_skb+0x2b2/0x380 [ 511.457413][T13275] ? __pfx___alloc_skb+0x10/0x10 [ 511.457428][T13275] ? _parse_integer_limit+0x17f/0x1d0 [ 511.457441][T13275] ? aa_label_sk_perm+0x19b/0x5a0 [ 511.457457][T13275] tcp_stream_alloc_skb+0x34/0x570 [ 511.457472][T13275] tcp_sendmsg_locked+0x130f/0x4300 [ 511.457490][T13275] ? __lock_acquire+0xb8a/0x1c90 [ 511.457508][T13275] ? __pfx_tcp_sendmsg_locked+0x10/0x10 [ 511.457524][T13275] ? do_raw_spin_lock+0x12c/0x2b0 [ 511.457540][T13275] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 511.457558][T13275] ? __local_bh_enable_ip+0xa4/0x120 [ 511.457572][T13275] tcp_sendmsg+0x2e/0x50 [ 511.457585][T13275] ? __pfx_tcp_sendmsg+0x10/0x10 [ 511.457598][T13275] inet_sendmsg+0xb9/0x140 [ 511.457614][T13275] __sys_sendto+0x43c/0x520 [ 511.457628][T13275] ? __pfx___sys_sendto+0x10/0x10 [ 511.457654][T13275] ? ksys_write+0x1ac/0x250 [ 511.457669][T13275] ? __pfx_ksys_write+0x10/0x10 [ 511.457685][T13275] __ia32_sys_sendto+0xdd/0x1b0 [ 511.457699][T13275] ? lockdep_hardirqs_on+0x7c/0x110 [ 511.457714][T13275] ? syscall_enter_from_user_mode_prepare+0x68/0xe0 [ 511.457731][T13275] __do_fast_syscall_32+0x7c/0x3a0 [ 511.457748][T13275] do_fast_syscall_32+0x32/0x80 [ 511.457764][T13275] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 511.457778][T13275] RIP: 0023:0xf7f63579 [ 511.457788][T13275] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 511.457798][T13275] RSP: 002b:00000000f508655c EFLAGS: 00000296 ORIG_RAX: 0000000000000171 [ 511.457808][T13275] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000080000000 [ 511.457815][T13275] RDX: 00000000ffffff94 RSI: 0000000000000000 RDI: 0000000000000000 [ 511.457821][T13275] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 511.457827][T13275] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 511.457833][T13275] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 511.457846][T13275] [ 511.719673][T13263] netlink: 100 bytes leftover after parsing attributes in process `syz.3.1900'. [ 511.726764][T13263] bridge2: entered promiscuous mode [ 511.765750][T13263] 9pnet: Could not find request transport: fd0xffffffffffffffff [ 512.089030][T13283] syzkaller1: tun_chr_ioctl cmd 1074025677 [ 512.090909][T13283] syzkaller1: Linktype set failed because interface is up [ 512.113790][ T7959] syzkaller1: tun_net_xmit 90 [ 512.383676][T13293] FAULT_INJECTION: forcing a failure. [ 512.383676][T13293] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 512.389009][T13293] CPU: 1 UID: 0 PID: 13293 Comm: syz.1.1908 Not tainted 6.16.0-rc4-syzkaller-00013-g66701750d556 #0 PREEMPT(full) [ 512.389034][T13293] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 512.389043][T13293] Call Trace: [ 512.389051][T13293] [ 512.389060][T13293] dump_stack_lvl+0x16c/0x1f0 [ 512.389091][T13293] should_fail_ex+0x512/0x640 [ 512.389119][T13293] _copy_to_user+0x32/0xd0 [ 512.389147][T13293] simple_read_from_buffer+0xcb/0x170 [ 512.389172][T13293] proc_fail_nth_read+0x197/0x270 [ 512.389192][T13293] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 512.389224][T13293] ? rw_verify_area+0xcf/0x680 [ 512.389244][T13293] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 512.389264][T13293] vfs_read+0x1e4/0xc60 [ 512.389287][T13293] ? fdget_pos+0x2a2/0x370 [ 512.389314][T13293] ? __pfx_vfs_read+0x10/0x10 [ 512.389333][T13293] ? find_held_lock+0x2b/0x80 [ 512.389357][T13293] ? __fget_files+0x20e/0x3c0 [ 512.389387][T13293] ksys_read+0x12a/0x250 [ 512.389409][T13293] ? __pfx_ksys_read+0x10/0x10 [ 512.389430][T13293] ? syscall_trace_enter+0x1cb/0x260 [ 512.389457][T13293] ? rcu_is_watching+0x12/0xc0 [ 512.389476][T13293] __do_fast_syscall_32+0x7c/0x3a0 [ 512.389506][T13293] do_fast_syscall_32+0x32/0x80 [ 512.389530][T13293] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 512.389551][T13293] RIP: 0023:0xf7f63579 [ 512.389566][T13293] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 512.389581][T13293] RSP: 002b:00000000f5086590 EFLAGS: 00000293 ORIG_RAX: 0000000000000003 [ 512.389598][T13293] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000f5086620 [ 512.389608][T13293] RDX: 000000000000000f RSI: 00000000f73f3ff4 RDI: 0000000000000000 [ 512.389619][T13293] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000 [ 512.389629][T13293] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000 [ 512.389638][T13293] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 512.389661][T13293] [ 512.632847][ T7959] syzkaller1: tun_net_xmit 90 [ 512.802775][ T13] syzkaller1: tun_net_xmit 86 [ 513.116633][T13300] netlink: 36 bytes leftover after parsing attributes in process `syz.0.1910'. [ 514.136450][T13311] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1917'. [ 515.389779][T13330] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1918'. [ 515.393059][T13330] netlink: 'syz.0.1918': attribute type 3 has an invalid length. [ 515.395592][T13330] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1918'. [ 515.411386][ T7959] hid-generic 0000:007F:FFFFFFFE.0026: unknown main item tag 0x0 [ 515.421123][ T7959] hid-generic 0000:007F:FFFFFFFE.0026: unknown main item tag 0x0 [ 515.424642][ T7959] hid-generic 0000:007F:FFFFFFFE.0026: unknown main item tag 0x0 [ 515.427264][ T7959] hid-generic 0000:007F:FFFFFFFE.0026: unknown main item tag 0x0 [ 515.429636][ T7959] hid-generic 0000:007F:FFFFFFFE.0026: unknown main item tag 0x0 [ 515.432208][ T7959] hid-generic 0000:007F:FFFFFFFE.0026: unknown main item tag 0x0 [ 515.435295][ T7959] hid-generic 0000:007F:FFFFFFFE.0026: unknown main item tag 0x0 [ 515.437734][ T7959] hid-generic 0000:007F:FFFFFFFE.0026: unknown main item tag 0x0 [ 515.440121][ T7959] hid-generic 0000:007F:FFFFFFFE.0026: unknown main item tag 0x0 [ 515.443238][ T7959] hid-generic 0000:007F:FFFFFFFE.0026: unknown main item tag 0x0 [ 515.445754][ T7959] hid-generic 0000:007F:FFFFFFFE.0026: unknown main item tag 0x0 [ 515.448479][ T7959] hid-generic 0000:007F:FFFFFFFE.0026: unknown main item tag 0x0 [ 515.451836][ T7959] hid-generic 0000:007F:FFFFFFFE.0026: unknown main item tag 0x0 [ 515.457603][ T7959] hid-generic 0000:007F:FFFFFFFE.0026: unknown main item tag 0x0 [ 515.460916][ T7959] hid-generic 0000:007F:FFFFFFFE.0026: unknown main item tag 0x0 [ 515.464443][ T7959] hid-generic 0000:007F:FFFFFFFE.0026: unknown main item tag 0x0 [ 515.467738][ T7959] hid-generic 0000:007F:FFFFFFFE.0026: unknown main item tag 0x0 [ 515.470936][ T7959] hid-generic 0000:007F:FFFFFFFE.0026: unknown main item tag 0x0 [ 515.474565][ T7959] hid-generic 0000:007F:FFFFFFFE.0026: unknown main item tag 0x0 [ 515.477883][ T7959] hid-generic 0000:007F:FFFFFFFE.0026: unknown main item tag 0x0 [ 515.481203][ T7959] hid-generic 0000:007F:FFFFFFFE.0026: unknown main item tag 0x0 [ 515.484684][ T7959] hid-generic 0000:007F:FFFFFFFE.0026: unknown main item tag 0x0 [ 515.487647][ T7959] hid-generic 0000:007F:FFFFFFFE.0026: unknown main item tag 0x0 [ 515.490071][ T7959] hid-generic 0000:007F:FFFFFFFE.0026: unknown main item tag 0x0 [ 515.492665][ T7959] hid-generic 0000:007F:FFFFFFFE.0026: unknown main item tag 0x0 [ 515.495293][ T7959] hid-generic 0000:007F:FFFFFFFE.0026: unknown main item tag 0x0 [ 515.498319][ T7959] hid-generic 0000:007F:FFFFFFFE.0026: unknown main item tag 0x0 [ 515.501616][ T7959] hid-generic 0000:007F:FFFFFFFE.0026: unknown main item tag 0x0 [ 515.504737][ T7959] hid-generic 0000:007F:FFFFFFFE.0026: unknown main item tag 0x0 [ 515.507897][ T7959] hid-generic 0000:007F:FFFFFFFE.0026: unknown main item tag 0x0 [ 515.511322][ T7959] hid-generic 0000:007F:FFFFFFFE.0026: unknown main item tag 0x0 [ 515.514206][ T7959] hid-generic 0000:007F:FFFFFFFE.0026: unknown main item tag 0x0 [ 515.516592][ T7959] hid-generic 0000:007F:FFFFFFFE.0026: unknown main item tag 0x0 [ 515.519544][ T7959] hid-generic 0000:007F:FFFFFFFE.0026: unknown main item tag 0x0 [ 515.522096][ T7959] hid-generic 0000:007F:FFFFFFFE.0026: unknown main item tag 0x0 [ 515.524773][ T7959] hid-generic 0000:007F:FFFFFFFE.0026: unknown main item tag 0x0 [ 515.527705][ T7959] hid-generic 0000:007F:FFFFFFFE.0026: unknown main item tag 0x0 [ 515.530276][ T7959] hid-generic 0000:007F:FFFFFFFE.0026: unknown main item tag 0x0 [ 515.533221][ T7959] hid-generic 0000:007F:FFFFFFFE.0026: unknown main item tag 0x0 [ 515.535711][ T7959] hid-generic 0000:007F:FFFFFFFE.0026: unknown main item tag 0x0 [ 515.538690][ T7959] hid-generic 0000:007F:FFFFFFFE.0026: unknown main item tag 0x0 [ 515.541881][ T7959] hid-generic 0000:007F:FFFFFFFE.0026: unknown main item tag 0x0 [ 515.545316][ T7959] hid-generic 0000:007F:FFFFFFFE.0026: unknown main item tag 0x0 [ 515.553876][ T7959] hid-generic 0000:007F:FFFFFFFE.0026: hidraw1: HID v0.00 Device [syz1] on syz0 [ 515.607512][T13334] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1919'. [ 515.610199][T13334] netlink: 'syz.0.1919': attribute type 3 has an invalid length. [ 515.613680][T13334] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1919'. [ 515.615332][T13332] fido_id[13332]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 515.624870][ T6407] hid-generic 0000:007F:FFFFFFFE.0027: unknown main item tag 0x0 [ 515.630591][ T6407] hid-generic 0000:007F:FFFFFFFE.0027: unknown main item tag 0x0 [ 515.635179][ T6407] hid-generic 0000:007F:FFFFFFFE.0027: unknown main item tag 0x0 [ 515.637655][ T6407] hid-generic 0000:007F:FFFFFFFE.0027: unknown main item tag 0x0 [ 515.639984][ T6407] hid-generic 0000:007F:FFFFFFFE.0027: unknown main item tag 0x0 [ 515.642565][ T6407] hid-generic 0000:007F:FFFFFFFE.0027: unknown main item tag 0x0 [ 515.644807][ T6407] hid-generic 0000:007F:FFFFFFFE.0027: unknown main item tag 0x0 [ 515.647006][ T6407] hid-generic 0000:007F:FFFFFFFE.0027: unknown main item tag 0x0 [ 515.649443][ T6407] hid-generic 0000:007F:FFFFFFFE.0027: unknown main item tag 0x0 [ 515.651938][ T6407] hid-generic 0000:007F:FFFFFFFE.0027: unknown main item tag 0x0 [ 515.654425][ T6407] hid-generic 0000:007F:FFFFFFFE.0027: unknown main item tag 0x0 [ 515.656871][ T6407] hid-generic 0000:007F:FFFFFFFE.0027: unknown main item tag 0x0 [ 515.659402][ T6407] hid-generic 0000:007F:FFFFFFFE.0027: unknown main item tag 0x0 [ 515.661932][ T6407] hid-generic 0000:007F:FFFFFFFE.0027: unknown main item tag 0x0 [ 515.664511][ T6407] hid-generic 0000:007F:FFFFFFFE.0027: unknown main item tag 0x0 [ 515.666977][ T6407] hid-generic 0000:007F:FFFFFFFE.0027: unknown main item tag 0x0 [ 515.669399][ T6407] hid-generic 0000:007F:FFFFFFFE.0027: unknown main item tag 0x0 [ 515.671953][ T6407] hid-generic 0000:007F:FFFFFFFE.0027: unknown main item tag 0x0 [ 515.674445][ T6407] hid-generic 0000:007F:FFFFFFFE.0027: unknown main item tag 0x0 [ 515.676933][ T6407] hid-generic 0000:007F:FFFFFFFE.0027: unknown main item tag 0x0 [ 515.679322][ T6407] hid-generic 0000:007F:FFFFFFFE.0027: unknown main item tag 0x0 [ 515.681829][ T6407] hid-generic 0000:007F:FFFFFFFE.0027: unknown main item tag 0x0 [ 515.687182][ T6407] hid-generic 0000:007F:FFFFFFFE.0027: unknown main item tag 0x0 [ 515.689604][ T6407] hid-generic 0000:007F:FFFFFFFE.0027: unknown main item tag 0x0 [ 515.692142][ T6407] hid-generic 0000:007F:FFFFFFFE.0027: unknown main item tag 0x0 [ 515.694643][ T6407] hid-generic 0000:007F:FFFFFFFE.0027: unknown main item tag 0x0 [ 515.697148][ T6407] hid-generic 0000:007F:FFFFFFFE.0027: unknown main item tag 0x0 [ 515.699579][ T6407] hid-generic 0000:007F:FFFFFFFE.0027: unknown main item tag 0x0 [ 515.702092][ T6407] hid-generic 0000:007F:FFFFFFFE.0027: unknown main item tag 0x0 [ 515.704709][ T6407] hid-generic 0000:007F:FFFFFFFE.0027: unknown main item tag 0x0 [ 515.707172][ T6407] hid-generic 0000:007F:FFFFFFFE.0027: unknown main item tag 0x0 [ 515.709721][ T6407] hid-generic 0000:007F:FFFFFFFE.0027: unknown main item tag 0x0 [ 515.712294][ T6407] hid-generic 0000:007F:FFFFFFFE.0027: unknown main item tag 0x0 [ 515.714933][ T6407] hid-generic 0000:007F:FFFFFFFE.0027: unknown main item tag 0x0 [ 515.717446][ T6407] hid-generic 0000:007F:FFFFFFFE.0027: unknown main item tag 0x0 [ 515.719934][ T6407] hid-generic 0000:007F:FFFFFFFE.0027: unknown main item tag 0x0 [ 515.722539][ T6407] hid-generic 0000:007F:FFFFFFFE.0027: unknown main item tag 0x0 [ 515.724999][ T6407] hid-generic 0000:007F:FFFFFFFE.0027: unknown main item tag 0x0 [ 515.727495][ T6407] hid-generic 0000:007F:FFFFFFFE.0027: unknown main item tag 0x0 [ 515.729896][ T6407] hid-generic 0000:007F:FFFFFFFE.0027: unknown main item tag 0x0 [ 515.732543][ T6407] hid-generic 0000:007F:FFFFFFFE.0027: unknown main item tag 0x0 [ 515.735027][ T6407] hid-generic 0000:007F:FFFFFFFE.0027: unknown main item tag 0x0 [ 515.737414][ T6407] hid-generic 0000:007F:FFFFFFFE.0027: unknown main item tag 0x0 [ 515.743097][ T6407] hid-generic 0000:007F:FFFFFFFE.0027: hidraw1: HID v0.00 Device [syz1] on syz0 [ 515.836804][T13340] fido_id[13340]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 516.635075][T13352] netlink: 'syz.2.1924': attribute type 1 has an invalid length. [ 516.664607][T13352] 8021q: adding VLAN 0 to HW filter on device bond21 [ 516.716832][T13355] fuse: Unknown parameter ''ZÒ&' [ 517.326838][T13361] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1926'. [ 518.191580][T13378] netlink: 252 bytes leftover after parsing attributes in process `syz.1.1931'. [ 518.200465][T13378] netlink: 'syz.1.1931': attribute type 4 has an invalid length. [ 518.551797][T13386] netlink: 'syz.0.1934': attribute type 1 has an invalid length. [ 518.566722][T13386] 8021q: adding VLAN 0 to HW filter on device bond9 [ 518.957287][T13394] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1937'. [ 519.061397][T13403] netlink: 36 bytes leftover after parsing attributes in process `syz.3.1938'. [ 520.397637][T13419] netlink: 'syz.2.1942': attribute type 1 has an invalid length. [ 520.657381][T13422] veth0: entered promiscuous mode [ 521.125278][T13429] fuse: Unknown parameter ''ZÒ&' [ 521.217830][T13431] fuse: Unknown parameter ''ZÒ&' [ 521.332679][ T29] usb 6-1: new high-speed USB device number 32 using dummy_hcd [ 521.494363][ T29] usb 6-1: Using ep0 maxpacket: 32 [ 521.500059][ T29] usb 6-1: New USB device found, idVendor=0b89, idProduct=0007, bcdDevice=ef.64 [ 521.504051][ T29] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 521.513747][ T29] usb 6-1: config 0 descriptor?? [ 521.543053][ T29] as10x_usb: device has been detected [ 521.557919][ T29] dvbdev: DVB: registering new adapter (nBox DVB-T Dongle) [ 521.596016][T13440] netlink: 36 bytes leftover after parsing attributes in process `syz.2.1948'. [ 521.624452][ T29] usb 6-1: DVB: registering adapter 1 frontend 0 (nBox DVB-T Dongle)... [ 521.686986][ T29] as10x_usb: error during firmware upload part1 [ 521.689587][ T29] Registered device nBox DVB-T Dongle [ 521.746104][T13422] veth0: left promiscuous mode [ 521.751414][ T29] usb 6-1: USB disconnect, device number 32 [ 521.785096][T13422] netlink: 'syz.1.1943': attribute type 5 has an invalid length. [ 521.787689][T13422] netlink: 'syz.1.1943': attribute type 7 has an invalid length. [ 521.811833][ T29] Unregistered device nBox DVB-T Dongle [ 521.816246][ T29] as10x_usb: device has been disconnected [ 523.393904][ T6407] usb 5-1: new full-speed USB device number 44 using dummy_hcd [ 523.479239][T13470] bond0: (slave rose0): Error: Device is in use and cannot be enslaved [ 523.553715][ T6407] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 523.562749][ T6407] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 523.567439][ T6407] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 523.570225][ T6407] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 523.783794][ T6407] usb 5-1: usb_control_msg returned -32 [ 523.786146][ T6407] usbtmc 5-1:16.0: can't read capabilities [ 525.259129][T13487] bond0: (slave rose0): Error: Device is in use and cannot be enslaved [ 526.063543][T13493] bond0: (slave rose0): Error: Device is in use and cannot be enslaved [ 526.150383][ T7959] usb 5-1: USB disconnect, device number 44 [ 526.258447][ C1] vcan0: j1939_tp_rxtimer: 0xffff88805feb0c00: rx timeout, send abort [ 526.381671][T13501] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1964'. [ 526.485000][T13506] bond0: (slave rose0): Error: Device is in use and cannot be enslaved [ 526.758513][ C1] vcan0: j1939_tp_rxtimer: 0xffff88805feb1800: rx timeout, send abort [ 526.762550][ C1] vcan0: j1939_tp_rxtimer: 0xffff88805feb0c00: abort rx timeout. Force session deactivation [ 527.261400][ C1] vcan0: j1939_tp_rxtimer: 0xffff88805feb1800: abort rx timeout. Force session deactivation [ 528.340009][T13532] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1973'. [ 529.576862][T13554] FAULT_INJECTION: forcing a failure. [ 529.576862][T13554] name failslab, interval 1, probability 0, space 0, times 0 [ 529.581063][T13554] CPU: 1 UID: 0 PID: 13554 Comm: syz.3.1979 Not tainted 6.16.0-rc4-syzkaller-00013-g66701750d556 #0 PREEMPT(full) [ 529.581086][T13554] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 529.581097][T13554] Call Trace: [ 529.581103][T13554] [ 529.581110][T13554] dump_stack_lvl+0x16c/0x1f0 [ 529.581140][T13554] should_fail_ex+0x512/0x640 [ 529.581162][T13554] ? fs_reclaim_acquire+0xae/0x150 [ 529.581183][T13554] ? tomoyo_encode2+0x100/0x3e0 [ 529.581203][T13554] should_failslab+0xc2/0x120 [ 529.581220][T13554] __kmalloc_noprof+0xd2/0x510 [ 529.581249][T13554] tomoyo_encode2+0x100/0x3e0 [ 529.581274][T13554] tomoyo_encode+0x29/0x50 [ 529.581293][T13554] tomoyo_realpath_from_path+0x18f/0x6e0 [ 529.581318][T13554] ? tomoyo_profile+0x47/0x60 [ 529.581344][T13554] tomoyo_path_number_perm+0x245/0x580 [ 529.581362][T13554] ? tomoyo_path_number_perm+0x237/0x580 [ 529.581382][T13554] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 529.581429][T13554] ? find_held_lock+0x2b/0x80 [ 529.581446][T13554] ? hook_file_ioctl_common+0x145/0x410 [ 529.581469][T13554] ? __fget_files+0x20e/0x3c0 [ 529.581489][T13554] ? __fput_deferred+0x440/0x480 [ 529.581509][T13554] security_file_ioctl_compat+0x9b/0x240 [ 529.581531][T13554] __ia32_compat_sys_ioctl+0xc3/0x370 [ 529.581554][T13554] __do_fast_syscall_32+0x7c/0x3a0 [ 529.581581][T13554] do_fast_syscall_32+0x32/0x80 [ 529.581605][T13554] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 529.581625][T13554] RIP: 0023:0xf710e579 [ 529.581639][T13554] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 529.581654][T13554] RSP: 002b:00000000f50fe55c EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 529.581670][T13554] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000008916 [ 529.581681][T13554] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 529.581691][T13554] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 529.581701][T13554] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 529.581710][T13554] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 529.581732][T13554] [ 529.581749][T13554] ERROR: Out of memory at tomoyo_realpath_from_path. [ 529.946133][T13567] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1984'. [ 532.010895][T13601] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1993'. [ 532.023804][T10792] hid-generic 0000:007F:FFFFFFFE.0028: unknown main item tag 0x0 [ 532.026303][T10792] hid-generic 0000:007F:FFFFFFFE.0028: unknown main item tag 0x0 [ 532.029544][T10792] hid-generic 0000:007F:FFFFFFFE.0028: unknown main item tag 0x0 [ 532.034115][T10792] hid-generic 0000:007F:FFFFFFFE.0028: unknown main item tag 0x0 [ 532.036648][T10792] hid-generic 0000:007F:FFFFFFFE.0028: unknown main item tag 0x0 [ 532.039230][T10792] hid-generic 0000:007F:FFFFFFFE.0028: unknown main item tag 0x0 [ 532.041988][T10792] hid-generic 0000:007F:FFFFFFFE.0028: unknown main item tag 0x0 [ 532.046535][T10792] hid-generic 0000:007F:FFFFFFFE.0028: unknown main item tag 0x0 [ 532.050085][T10792] hid-generic 0000:007F:FFFFFFFE.0028: unknown main item tag 0x0 [ 532.053887][T10792] hid-generic 0000:007F:FFFFFFFE.0028: unknown main item tag 0x0 [ 532.057626][T10792] hid-generic 0000:007F:FFFFFFFE.0028: unknown main item tag 0x0 [ 532.064509][T10792] hid-generic 0000:007F:FFFFFFFE.0028: unknown main item tag 0x0 [ 532.068088][T10792] hid-generic 0000:007F:FFFFFFFE.0028: unknown main item tag 0x0 [ 532.071463][T10792] hid-generic 0000:007F:FFFFFFFE.0028: unknown main item tag 0x0 [ 532.074646][T10792] hid-generic 0000:007F:FFFFFFFE.0028: unknown main item tag 0x0 [ 532.077371][T10792] hid-generic 0000:007F:FFFFFFFE.0028: unknown main item tag 0x0 [ 532.080001][T10792] hid-generic 0000:007F:FFFFFFFE.0028: unknown main item tag 0x0 [ 532.082703][T10792] hid-generic 0000:007F:FFFFFFFE.0028: unknown main item tag 0x0 [ 532.085335][T10792] hid-generic 0000:007F:FFFFFFFE.0028: unknown main item tag 0x0 [ 532.088089][T10792] hid-generic 0000:007F:FFFFFFFE.0028: unknown main item tag 0x0 [ 532.090584][T10792] hid-generic 0000:007F:FFFFFFFE.0028: unknown main item tag 0x0 [ 532.093579][T10792] hid-generic 0000:007F:FFFFFFFE.0028: unknown main item tag 0x0 [ 532.096239][T10792] hid-generic 0000:007F:FFFFFFFE.0028: unknown main item tag 0x0 [ 532.098866][T10792] hid-generic 0000:007F:FFFFFFFE.0028: unknown main item tag 0x0 [ 532.101523][T10792] hid-generic 0000:007F:FFFFFFFE.0028: unknown main item tag 0x0 [ 532.104501][T10792] hid-generic 0000:007F:FFFFFFFE.0028: unknown main item tag 0x0 [ 532.107108][T10792] hid-generic 0000:007F:FFFFFFFE.0028: unknown main item tag 0x0 [ 532.109628][T10792] hid-generic 0000:007F:FFFFFFFE.0028: unknown main item tag 0x0 [ 532.112146][T10792] hid-generic 0000:007F:FFFFFFFE.0028: unknown main item tag 0x0 [ 532.115373][T10792] hid-generic 0000:007F:FFFFFFFE.0028: unknown main item tag 0x0 [ 532.117940][T10792] hid-generic 0000:007F:FFFFFFFE.0028: unknown main item tag 0x0 [ 532.120505][T10792] hid-generic 0000:007F:FFFFFFFE.0028: unknown main item tag 0x0 [ 532.123451][T10792] hid-generic 0000:007F:FFFFFFFE.0028: unknown main item tag 0x0 [ 532.126069][T10792] hid-generic 0000:007F:FFFFFFFE.0028: unknown main item tag 0x0 [ 532.128744][T10792] hid-generic 0000:007F:FFFFFFFE.0028: unknown main item tag 0x0 [ 532.131312][T10792] hid-generic 0000:007F:FFFFFFFE.0028: unknown main item tag 0x0 [ 532.134352][T10792] hid-generic 0000:007F:FFFFFFFE.0028: unknown main item tag 0x0 [ 532.137062][T10792] hid-generic 0000:007F:FFFFFFFE.0028: unknown main item tag 0x0 [ 532.140458][T10792] hid-generic 0000:007F:FFFFFFFE.0028: unknown main item tag 0x0 [ 532.144532][T10792] hid-generic 0000:007F:FFFFFFFE.0028: unknown main item tag 0x0 [ 532.147181][T10792] hid-generic 0000:007F:FFFFFFFE.0028: unknown main item tag 0x0 [ 532.149716][T10792] hid-generic 0000:007F:FFFFFFFE.0028: unknown main item tag 0x0 [ 532.152170][T10792] hid-generic 0000:007F:FFFFFFFE.0028: unknown main item tag 0x0 [ 532.160514][T10792] hid-generic 0000:007F:FFFFFFFE.0028: hidraw1: HID v0.00 Device [syz1] on syz0 [ 532.214176][T13602] fido_id[13602]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 532.713588][T13611] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1994'. [ 533.939467][T13633] bond0: (slave rose0): Error: Device is in use and cannot be enslaved [ 534.596607][T13645] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2003'. [ 535.587657][T13657] bond0: (slave rose0): Error: Device is in use and cannot be enslaved [ 535.798068][T13663] netlink: 'syz.2.2008': attribute type 1 has an invalid length. [ 535.820476][T13663] 8021q: adding VLAN 0 to HW filter on device bond22 [ 535.829260][ C1] vcan0: j1939_tp_rxtimer: 0xffff88805fc84800: rx timeout, send abort [ 535.924798][T13667] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2006'. [ 536.329368][ C1] vcan0: j1939_tp_rxtimer: 0xffff88805fc86400: rx timeout, send abort [ 536.332977][ C1] vcan0: j1939_tp_rxtimer: 0xffff88805fc84800: abort rx timeout. Force session deactivation [ 536.354302][T13675] bond0: (slave rose0): Error: Device is in use and cannot be enslaved [ 536.673899][T13679] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2012'. [ 536.720745][T13685] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2013'. [ 536.739151][ T24] hid-generic 0000:007F:FFFFFFFE.0029: unknown main item tag 0x0 [ 536.741787][ T24] hid-generic 0000:007F:FFFFFFFE.0029: unknown main item tag 0x0 [ 536.747075][ T24] hid-generic 0000:007F:FFFFFFFE.0029: unknown main item tag 0x0 [ 536.749524][ T24] hid-generic 0000:007F:FFFFFFFE.0029: unknown main item tag 0x0 [ 536.751981][ T24] hid-generic 0000:007F:FFFFFFFE.0029: unknown main item tag 0x0 [ 536.755981][ T24] hid-generic 0000:007F:FFFFFFFE.0029: unknown main item tag 0x0 [ 536.758615][ T24] hid-generic 0000:007F:FFFFFFFE.0029: unknown main item tag 0x0 [ 536.761070][ T24] hid-generic 0000:007F:FFFFFFFE.0029: unknown main item tag 0x0 [ 536.763731][ T24] hid-generic 0000:007F:FFFFFFFE.0029: unknown main item tag 0x0 [ 536.766129][ T24] hid-generic 0000:007F:FFFFFFFE.0029: unknown main item tag 0x0 [ 536.768699][ T24] hid-generic 0000:007F:FFFFFFFE.0029: unknown main item tag 0x0 [ 536.771169][ T24] hid-generic 0000:007F:FFFFFFFE.0029: unknown main item tag 0x0 [ 536.773915][ T24] hid-generic 0000:007F:FFFFFFFE.0029: unknown main item tag 0x0 [ 536.776397][ T24] hid-generic 0000:007F:FFFFFFFE.0029: unknown main item tag 0x0 [ 536.778955][ T24] hid-generic 0000:007F:FFFFFFFE.0029: unknown main item tag 0x0 [ 536.781436][ T24] hid-generic 0000:007F:FFFFFFFE.0029: unknown main item tag 0x0 [ 536.783841][ T24] hid-generic 0000:007F:FFFFFFFE.0029: unknown main item tag 0x0 [ 536.786255][ T24] hid-generic 0000:007F:FFFFFFFE.0029: unknown main item tag 0x0 [ 536.788750][ T24] hid-generic 0000:007F:FFFFFFFE.0029: unknown main item tag 0x0 [ 536.791146][ T24] hid-generic 0000:007F:FFFFFFFE.0029: unknown main item tag 0x0 [ 536.793610][ T24] hid-generic 0000:007F:FFFFFFFE.0029: unknown main item tag 0x0 [ 536.796061][ T24] hid-generic 0000:007F:FFFFFFFE.0029: unknown main item tag 0x0 [ 536.798564][ T24] hid-generic 0000:007F:FFFFFFFE.0029: unknown main item tag 0x0 [ 536.800889][ T24] hid-generic 0000:007F:FFFFFFFE.0029: unknown main item tag 0x0 [ 536.803376][ T24] hid-generic 0000:007F:FFFFFFFE.0029: unknown main item tag 0x0 [ 536.805860][ T24] hid-generic 0000:007F:FFFFFFFE.0029: unknown main item tag 0x0 [ 536.808461][ T24] hid-generic 0000:007F:FFFFFFFE.0029: unknown main item tag 0x0 [ 536.810950][ T24] hid-generic 0000:007F:FFFFFFFE.0029: unknown main item tag 0x0 [ 536.813822][ T24] hid-generic 0000:007F:FFFFFFFE.0029: unknown main item tag 0x0 [ 536.816354][ T24] hid-generic 0000:007F:FFFFFFFE.0029: unknown main item tag 0x0 [ 536.819063][ T24] hid-generic 0000:007F:FFFFFFFE.0029: unknown main item tag 0x0 [ 536.821584][ T24] hid-generic 0000:007F:FFFFFFFE.0029: unknown main item tag 0x0 [ 536.824091][ T24] hid-generic 0000:007F:FFFFFFFE.0029: unknown main item tag 0x0 [ 536.826606][ T24] hid-generic 0000:007F:FFFFFFFE.0029: unknown main item tag 0x0 [ 536.829103][ T24] hid-generic 0000:007F:FFFFFFFE.0029: unknown main item tag 0x0 [ 536.831460][ T24] hid-generic 0000:007F:FFFFFFFE.0029: unknown main item tag 0x0 [ 536.832143][ C1] vcan0: j1939_tp_rxtimer: 0xffff88805fc86400: abort rx timeout. Force session deactivation [ 536.834336][ T24] hid-generic 0000:007F:FFFFFFFE.0029: unknown main item tag 0x0 [ 536.839841][ T24] hid-generic 0000:007F:FFFFFFFE.0029: unknown main item tag 0x0 [ 536.842227][ T24] hid-generic 0000:007F:FFFFFFFE.0029: unknown main item tag 0x0 [ 536.844698][ T24] hid-generic 0000:007F:FFFFFFFE.0029: unknown main item tag 0x0 [ 536.847237][ T24] hid-generic 0000:007F:FFFFFFFE.0029: unknown main item tag 0x0 [ 536.849625][ T24] hid-generic 0000:007F:FFFFFFFE.0029: unknown main item tag 0x0 [ 536.851970][ T24] hid-generic 0000:007F:FFFFFFFE.0029: unknown main item tag 0x0 [ 536.859101][ T24] hid-generic 0000:007F:FFFFFFFE.0029: hidraw1: HID v0.00 Device [syz1] on syz0 [ 536.901223][T13686] fido_id[13686]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 538.246739][T13707] netlink: 'syz.2.2018': attribute type 1 has an invalid length. [ 538.268960][T13707] 8021q: adding VLAN 0 to HW filter on device bond23 [ 539.542238][T13721] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2021'. [ 539.638879][T13729] fuse: Unknown parameter ''ZÒ&' [ 540.508976][T13746] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2027'. [ 542.842065][T13762] bond0: (slave rose0): Error: Device is in use and cannot be enslaved [ 543.074691][T13767] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2031'. [ 543.077588][ C2] vcan0: j1939_tp_rxtimer: 0xffff888023a39800: rx timeout, send abort [ 543.168995][T13771] FAULT_INJECTION: forcing a failure. [ 543.168995][T13771] name failslab, interval 1, probability 0, space 0, times 0 [ 543.173439][T13771] CPU: 1 UID: 0 PID: 13771 Comm: syz.2.2033 Not tainted 6.16.0-rc4-syzkaller-00013-g66701750d556 #0 PREEMPT(full) [ 543.173465][T13771] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 543.173473][T13771] Call Trace: [ 543.173477][T13771] [ 543.173481][T13771] dump_stack_lvl+0x16c/0x1f0 [ 543.173501][T13771] should_fail_ex+0x512/0x640 [ 543.173516][T13771] ? fs_reclaim_acquire+0xae/0x150 [ 543.173530][T13771] ? tomoyo_encode2+0x100/0x3e0 [ 543.173543][T13771] should_failslab+0xc2/0x120 [ 543.173554][T13771] __kmalloc_noprof+0xd2/0x510 [ 543.173569][T13771] ? d_absolute_path+0x136/0x1a0 [ 543.173582][T13771] tomoyo_encode2+0x100/0x3e0 [ 543.173598][T13771] tomoyo_encode+0x29/0x50 [ 543.173611][T13771] tomoyo_realpath_from_path+0x18f/0x6e0 [ 543.173629][T13771] tomoyo_path_number_perm+0x245/0x580 [ 543.173640][T13771] ? tomoyo_path_number_perm+0x237/0x580 [ 543.173654][T13771] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 543.173680][T13771] ? find_held_lock+0x2b/0x80 [ 543.173691][T13771] ? hook_file_ioctl_common+0x145/0x410 [ 543.173709][T13771] security_file_ioctl_compat+0x9b/0x240 [ 543.173723][T13771] __ia32_compat_sys_ioctl+0xc3/0x370 [ 543.173738][T13771] __do_fast_syscall_32+0x7c/0x3a0 [ 543.173756][T13771] do_fast_syscall_32+0x32/0x80 [ 543.173772][T13771] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 543.173785][T13771] RIP: 0023:0xf704e579 [ 543.173794][T13771] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 543.173805][T13771] RSP: 002b:00000000f503e55c EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 543.173815][T13771] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000004004af07 [ 543.173822][T13771] RDX: 0000000080000240 RSI: 0000000000000000 RDI: 0000000000000000 [ 543.173828][T13771] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 543.173834][T13771] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 543.173840][T13771] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 543.173853][T13771] [ 543.173904][T13771] ERROR: Out of memory at tomoyo_realpath_from_path. [ 543.577057][ C2] vcan0: j1939_tp_rxtimer: 0xffff888023a3b000: rx timeout, send abort [ 543.579686][ C2] vcan0: j1939_tp_rxtimer: 0xffff888023a39800: abort rx timeout. Force session deactivation [ 544.079674][ C2] vcan0: j1939_tp_rxtimer: 0xffff888023a3b000: abort rx timeout. Force session deactivation [ 544.291592][T13786] netlink: 'syz.3.2036': attribute type 1 has an invalid length. [ 544.305730][T13786] 8021q: adding VLAN 0 to HW filter on device bond12 [ 544.727291][T13800] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2040'. [ 545.049544][T13811] bond0: (slave rose0): Error: Device is in use and cannot be enslaved [ 545.296737][ C0] vcan0: j1939_tp_rxtimer: 0xffff88806bf46800: rx timeout, send abort [ 545.796957][ C0] vcan0: j1939_tp_rxtimer: 0xffff88806bf46400: rx timeout, send abort [ 545.799879][ C0] vcan0: j1939_tp_rxtimer: 0xffff88806bf46800: abort rx timeout. Force session deactivation [ 546.299863][ C0] vcan0: j1939_tp_rxtimer: 0xffff88806bf46400: abort rx timeout. Force session deactivation [ 546.433711][T13834] netlink: 1244 bytes leftover after parsing attributes in process `syz.0.2048'. [ 546.759608][T13840] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2049'. [ 547.876571][T13855] bond0: (slave rose0): Error: Device is in use and cannot be enslaved [ 548.122957][ C2] vcan0: j1939_tp_rxtimer: 0xffff8880136c1c00: rx timeout, send abort [ 548.623028][ C2] vcan0: j1939_tp_rxtimer: 0xffff8880136c0400: rx timeout, send abort [ 548.632555][ C2] vcan0: j1939_tp_rxtimer: 0xffff8880136c1c00: abort rx timeout. Force session deactivation [ 548.774840][T13893] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2059'. [ 548.900487][T13885] netfs: Couldn't get user pages (rc=-14) [ 549.126462][ C2] vcan0: j1939_tp_rxtimer: 0xffff8880136c0400: abort rx timeout. Force session deactivation [ 549.545717][T13882] mmap: syz.1.2058 (13882) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 551.586908][T13944] netlink: 'syz.0.2067': attribute type 1 has an invalid length. [ 551.610055][T13944] 8021q: adding VLAN 0 to HW filter on device bond10 [ 551.771570][T13951] netlink: 252 bytes leftover after parsing attributes in process `syz.0.2069'. [ 551.832382][T13952] netlink: 'syz.0.2069': attribute type 4 has an invalid length. [ 552.747240][T13965] bond0: (slave rose0): Error: Device is in use and cannot be enslaved [ 554.835057][T13995] fuse: Unknown parameter ''ZÒ&' [ 555.048693][T14004] : entered promiscuous mode [ 555.097678][T14005] bond0: (slave rose0): Error: Device is in use and cannot be enslaved [ 555.671484][T14010] fuse: Unknown parameter ''ZÒ&' [ 556.026651][T14024] netlink: 252 bytes leftover after parsing attributes in process `syz.0.2089'. [ 556.233500][T14025] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2087'. [ 556.279286][T14026] netlink: 'syz.0.2089': attribute type 4 has an invalid length. [ 556.512166][T14029] fuse: Unknown parameter ''ZÒ&' [ 556.916101][T14038] bond0: (slave rose0): Error: Device is in use and cannot be enslaved [ 557.851717][T14055] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2094'. [ 560.634661][T14073] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2102'. [ 560.722922][T14091] netlink: 36 bytes leftover after parsing attributes in process `syz.2.2105'. [ 560.923067][T14101] netlink: 252 bytes leftover after parsing attributes in process `syz.3.2110'. [ 560.984088][T14102] netlink: 'syz.3.2110': attribute type 4 has an invalid length. [ 562.056501][T14118] netlink: 'syz.2.2115': attribute type 1 has an invalid length. [ 562.071970][T14118] 8021q: adding VLAN 0 to HW filter on device bond24 [ 562.325725][ T1414] ieee802154 phy0 wpan0: encryption failed: -22 [ 562.327869][ T1414] ieee802154 phy1 wpan1: encryption failed: -22 [ 562.480011][T14133] netlink: 36 bytes leftover after parsing attributes in process `syz.1.2119'. [ 564.271940][T14160] netlink: 'syz.0.2125': attribute type 1 has an invalid length. [ 564.300890][T14160] 8021q: adding VLAN 0 to HW filter on device bond11 [ 564.616042][T14165] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2126'. [ 564.835536][T14169] bond0: (slave rose0): Error: Device is in use and cannot be enslaved [ 564.895195][T14171] netlink: 'syz.0.2128': attribute type 1 has an invalid length. [ 564.914874][T14171] 8021q: adding VLAN 0 to HW filter on device bond12 [ 565.028846][ C2] vcan0: j1939_tp_rxtimer: 0xffff88805c8a6c00: rx timeout, send abort [ 565.166561][T14180] netlink: 252 bytes leftover after parsing attributes in process `syz.1.2131'. [ 565.224511][T14182] netlink: 'syz.1.2131': attribute type 4 has an invalid length. [ 565.528833][ C2] vcan0: j1939_tp_rxtimer: 0xffff88805fcb6800: rx timeout, send abort [ 565.532236][ C2] vcan0: j1939_tp_rxtimer: 0xffff88805c8a6c00: abort rx timeout. Force session deactivation [ 566.032230][ C2] vcan0: j1939_tp_rxtimer: 0xffff88805fcb6800: abort rx timeout. Force session deactivation [ 567.777282][T14218] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2140'. [ 567.982730][T14233] FAULT_INJECTION: forcing a failure. [ 567.982730][T14233] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 567.986787][T14233] CPU: 1 UID: 0 PID: 14233 Comm: syz.0.2144 Not tainted 6.16.0-rc4-syzkaller-00013-g66701750d556 #0 PREEMPT(full) [ 567.986802][T14233] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 567.986810][T14233] Call Trace: [ 567.986814][T14233] [ 567.986819][T14233] dump_stack_lvl+0x16c/0x1f0 [ 567.986855][T14233] should_fail_ex+0x512/0x640 [ 567.986877][T14233] _copy_from_iter+0x29f/0x16f0 [ 567.986898][T14233] ? __pfx__copy_from_iter+0x10/0x10 [ 567.986915][T14233] ? rcu_is_watching+0x12/0xc0 [ 567.986926][T14233] ? trace_kmalloc+0x2b/0xd0 [ 567.986937][T14233] ? __kmalloc_noprof+0x242/0x510 [ 567.986955][T14233] kernfs_fop_write_iter+0x19a/0x510 [ 567.986969][T14233] vfs_write+0x6c4/0x1150 [ 567.986985][T14233] ? __pfx_kernfs_fop_write_iter+0x10/0x10 [ 567.986998][T14233] ? __pfx_vfs_write+0x10/0x10 [ 567.987011][T14233] ? find_held_lock+0x2b/0x80 [ 567.987031][T14233] ksys_write+0x12a/0x250 [ 567.987045][T14233] ? __pfx_ksys_write+0x10/0x10 [ 567.987061][T14233] ? rcu_is_watching+0x12/0xc0 [ 567.987073][T14233] __do_fast_syscall_32+0x7c/0x3a0 [ 567.987091][T14233] do_fast_syscall_32+0x32/0x80 [ 567.987108][T14233] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 567.987121][T14233] RIP: 0023:0xf7f11579 [ 567.987130][T14233] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 567.987140][T14233] RSP: 002b:00000000f503655c EFLAGS: 00000296 ORIG_RAX: 0000000000000004 [ 567.987150][T14233] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000080 [ 567.987157][T14233] RDX: 0000000000000012 RSI: 0000000000000000 RDI: 0000000000000000 [ 567.987163][T14233] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 567.987169][T14233] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 567.987175][T14233] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 567.987189][T14233] [ 568.007157][T14234] bond0: (slave rose0): Error: Device is in use and cannot be enslaved [ 568.200834][ C2] vcan0: j1939_tp_rxtimer: 0xffff88805c0a6000: rx timeout, send abort [ 568.633470][T14244] block nbd1: shutting down sockets [ 568.700920][ C2] vcan0: j1939_tp_rxtimer: 0xffff88804afbbc00: rx timeout, send abort [ 568.704316][ C2] vcan0: j1939_tp_rxtimer: 0xffff88805c0a6000: abort rx timeout. Force session deactivation [ 569.011614][T14263] bond0: (slave rose0): Error: Device is in use and cannot be enslaved [ 569.080229][T14268] netlink: 252 bytes leftover after parsing attributes in process `syz.0.2154'. [ 569.140560][T14269] netlink: 'syz.0.2154': attribute type 4 has an invalid length. [ 569.204311][ C2] vcan0: j1939_tp_rxtimer: 0xffff88804afbbc00: abort rx timeout. Force session deactivation [ 569.696788][T14272] FAULT_INJECTION: forcing a failure. [ 569.696788][T14272] name failslab, interval 1, probability 0, space 0, times 0 [ 569.701111][T14272] CPU: 3 UID: 0 PID: 14272 Comm: syz.3.2155 Not tainted 6.16.0-rc4-syzkaller-00013-g66701750d556 #0 PREEMPT(full) [ 569.701127][T14272] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 569.701133][T14272] Call Trace: [ 569.701137][T14272] [ 569.701141][T14272] dump_stack_lvl+0x16c/0x1f0 [ 569.701161][T14272] should_fail_ex+0x512/0x640 [ 569.701176][T14272] ? kmem_cache_alloc_node_noprof+0x5e/0x3b0 [ 569.701194][T14272] should_failslab+0xc2/0x120 [ 569.701204][T14272] kmem_cache_alloc_node_noprof+0x71/0x3b0 [ 569.701220][T14272] ? __alloc_skb+0x2b2/0x380 [ 569.701238][T14272] __alloc_skb+0x2b2/0x380 [ 569.701253][T14272] ? __pfx___alloc_skb+0x10/0x10 [ 569.701269][T14272] ? __pfx_netlink_autobind.isra.0+0x10/0x10 [ 569.701283][T14272] netlink_alloc_large_skb+0x69/0x130 [ 569.701295][T14272] netlink_sendmsg+0x6a1/0xdd0 [ 569.701309][T14272] ? __pfx_netlink_sendmsg+0x10/0x10 [ 569.701321][T14272] ? __import_iovec+0x1dd/0x650 [ 569.701341][T14272] ____sys_sendmsg+0xa98/0xc70 [ 569.701355][T14272] ? __pfx_____sys_sendmsg+0x10/0x10 [ 569.701366][T14272] ? get_compat_msghdr+0x11a/0x170 [ 569.701389][T14272] ___sys_sendmsg+0x134/0x1d0 [ 569.701406][T14272] ? __pfx____sys_sendmsg+0x10/0x10 [ 569.701428][T14272] ? find_held_lock+0x2b/0x80 [ 569.701447][T14272] __sys_sendmsg+0x16d/0x220 [ 569.701463][T14272] ? __pfx___sys_sendmsg+0x10/0x10 [ 569.701485][T14272] ? rcu_is_watching+0x12/0xc0 [ 569.701497][T14272] __do_fast_syscall_32+0x7c/0x3a0 [ 569.701515][T14272] do_fast_syscall_32+0x32/0x80 [ 569.701531][T14272] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 569.701545][T14272] RIP: 0023:0xf710e579 [ 569.701554][T14272] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 569.701564][T14272] RSP: 002b:00000000f50fe55c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 569.701574][T14272] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000040 [ 569.701581][T14272] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 569.701587][T14272] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 569.701593][T14272] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 569.701599][T14272] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 569.701611][T14272] [ 569.821505][T14276] bond0: (slave rose0): Error: Device is in use and cannot be enslaved [ 570.013616][T14273] block nbd1: shutting down sockets [ 570.066962][ C2] vcan0: j1939_tp_rxtimer: 0xffff8880204d7800: rx timeout, send abort [ 570.100498][T14283] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2159'. [ 570.145243][T14291] bond0: (slave rose0): Error: Device is in use and cannot be enslaved [ 570.148010][T14287] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2160'. [ 570.184626][T14294] bond0: (slave rose0): Error: Device is in use and cannot be enslaved [ 570.429547][ C0] vcan0: j1939_tp_rxtimer: 0xffff88806003f000: rx timeout, send abort [ 570.567029][ C2] vcan0: j1939_tp_rxtimer: 0xffff8880204d6400: rx timeout, send abort [ 570.569633][ C2] vcan0: j1939_tp_rxtimer: 0xffff8880204d7800: abort rx timeout. Force session deactivation [ 570.929562][ C0] vcan0: j1939_tp_rxtimer: 0xffff888069b1fc00: rx timeout, send abort [ 570.932476][ C0] vcan0: j1939_tp_rxtimer: 0xffff88806003f000: abort rx timeout. Force session deactivation [ 571.069629][ C2] vcan0: j1939_tp_rxtimer: 0xffff8880204d6400: abort rx timeout. Force session deactivation [ 571.432326][ C0] vcan0: j1939_tp_rxtimer: 0xffff888069b1fc00: abort rx timeout. Force session deactivation [ 572.159874][T14351] Unknown options in mask 7 [ 572.167895][T14351] netlink: 'syz.1.2171': attribute type 3 has an invalid length. [ 572.302628][T14357] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2172'. [ 572.372283][T14337] block nbd3: shutting down sockets [ 572.471225][T14363] bond0: (slave rose0): Error: Device is in use and cannot be enslaved [ 572.521598][T14361] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2173'. [ 572.594216][T14365] ubi31: attaching mtd0 [ 572.599444][T14365] ubi31: scanning is finished [ 572.601070][T14365] ubi31: empty MTD device detected [ 572.684949][T14365] ubi31: attached mtd0 (name "mtdram test device", size 0 MiB) [ 572.687588][T14365] ubi31: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 572.690644][T14365] ubi31: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 572.693613][T14365] ubi31: VID header offset: 64 (aligned 64), data offset: 128 [ 572.696722][T14365] ubi31: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 572.699734][T14365] ubi31: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 572.706816][T14365] ubi31: max/mean erase counter: 0/0, WL threshold: 4096, image sequence number: 3026223747 [ 572.710008][T14365] ubi31: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 572.714557][T14367] ubi31: background thread "ubi_bgt31d" started, PID 14367 [ 572.717424][ C2] vcan0: j1939_tp_rxtimer: 0xffff88805c496000: rx timeout, send abort [ 573.217496][ C2] vcan0: j1939_tp_rxtimer: 0xffff88805c496800: rx timeout, send abort [ 573.220302][ C2] vcan0: j1939_tp_rxtimer: 0xffff88805c496000: abort rx timeout. Force session deactivation [ 573.408710][T14379] netlink: 252 bytes leftover after parsing attributes in process `syz.3.2178'. [ 573.489903][T14384] netlink: 'syz.3.2178': attribute type 4 has an invalid length. [ 573.720284][ C2] vcan0: j1939_tp_rxtimer: 0xffff88805c496800: abort rx timeout. Force session deactivation [ 574.395767][T14397] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2181'. [ 575.136573][T14418] bond0: (slave rose0): Error: Device is in use and cannot be enslaved [ 575.378110][ C3] vcan0: j1939_tp_rxtimer: 0xffff88806f71cc00: rx timeout, send abort [ 575.656346][T14423] netlink: 72 bytes leftover after parsing attributes in process `syz.2.2188'. [ 575.669351][ T838] hid-generic 0000:007F:FFFFFFFE.002A: unknown main item tag 0x0 [ 575.673591][ T838] hid-generic 0000:007F:FFFFFFFE.002A: unknown main item tag 0x0 [ 575.677250][ T838] hid-generic 0000:007F:FFFFFFFE.002A: unknown main item tag 0x0 [ 575.680473][ T838] hid-generic 0000:007F:FFFFFFFE.002A: unknown main item tag 0x0 [ 575.685041][ T838] hid-generic 0000:007F:FFFFFFFE.002A: unknown main item tag 0x0 [ 575.689225][ T838] hid-generic 0000:007F:FFFFFFFE.002A: unknown main item tag 0x0 [ 575.692615][ T838] hid-generic 0000:007F:FFFFFFFE.002A: unknown main item tag 0x0 [ 575.696382][ T838] hid-generic 0000:007F:FFFFFFFE.002A: unknown main item tag 0x0 [ 575.699715][ T838] hid-generic 0000:007F:FFFFFFFE.002A: unknown main item tag 0x0 [ 575.703151][ T838] hid-generic 0000:007F:FFFFFFFE.002A: unknown main item tag 0x0 [ 575.705522][ T838] hid-generic 0000:007F:FFFFFFFE.002A: unknown main item tag 0x0 [ 575.708272][ T838] hid-generic 0000:007F:FFFFFFFE.002A: unknown main item tag 0x0 [ 575.710708][ T838] hid-generic 0000:007F:FFFFFFFE.002A: unknown main item tag 0x0 [ 575.713463][ T838] hid-generic 0000:007F:FFFFFFFE.002A: unknown main item tag 0x0 [ 575.715899][ T838] hid-generic 0000:007F:FFFFFFFE.002A: unknown main item tag 0x0 [ 575.718598][ T838] hid-generic 0000:007F:FFFFFFFE.002A: unknown main item tag 0x0 [ 575.721108][ T838] hid-generic 0000:007F:FFFFFFFE.002A: unknown main item tag 0x0 [ 575.723973][ T838] hid-generic 0000:007F:FFFFFFFE.002A: unknown main item tag 0x0 [ 575.726595][ T838] hid-generic 0000:007F:FFFFFFFE.002A: unknown main item tag 0x0 [ 575.729149][ T838] hid-generic 0000:007F:FFFFFFFE.002A: unknown main item tag 0x0 [ 575.731639][ T838] hid-generic 0000:007F:FFFFFFFE.002A: unknown main item tag 0x0 [ 575.734655][ T838] hid-generic 0000:007F:FFFFFFFE.002A: unknown main item tag 0x0 [ 575.737304][ T838] hid-generic 0000:007F:FFFFFFFE.002A: unknown main item tag 0x0 [ 575.739807][ T838] hid-generic 0000:007F:FFFFFFFE.002A: unknown main item tag 0x0 [ 575.742270][ T838] hid-generic 0000:007F:FFFFFFFE.002A: unknown main item tag 0x0 [ 575.744986][ T838] hid-generic 0000:007F:FFFFFFFE.002A: unknown main item tag 0x0 [ 575.747572][ T838] hid-generic 0000:007F:FFFFFFFE.002A: unknown main item tag 0x0 [ 575.750187][ T838] hid-generic 0000:007F:FFFFFFFE.002A: unknown main item tag 0x0 [ 575.752769][ T838] hid-generic 0000:007F:FFFFFFFE.002A: unknown main item tag 0x0 [ 575.755235][ T838] hid-generic 0000:007F:FFFFFFFE.002A: unknown main item tag 0x0 [ 575.757804][ T838] hid-generic 0000:007F:FFFFFFFE.002A: unknown main item tag 0x0 [ 575.760517][ T838] hid-generic 0000:007F:FFFFFFFE.002A: unknown main item tag 0x0 [ 575.780692][ T838] hid-generic 0000:007F:FFFFFFFE.002A: unknown main item tag 0x0 [ 575.785021][ T838] hid-generic 0000:007F:FFFFFFFE.002A: unknown main item tag 0x0 [ 575.787491][ T838] hid-generic 0000:007F:FFFFFFFE.002A: unknown main item tag 0x0 [ 575.789906][ T838] hid-generic 0000:007F:FFFFFFFE.002A: unknown main item tag 0x0 [ 575.792544][ T838] hid-generic 0000:007F:FFFFFFFE.002A: unknown main item tag 0x0 [ 575.794992][ T838] hid-generic 0000:007F:FFFFFFFE.002A: unknown main item tag 0x0 [ 575.797637][ T838] hid-generic 0000:007F:FFFFFFFE.002A: unknown main item tag 0x0 [ 575.800104][ T838] hid-generic 0000:007F:FFFFFFFE.002A: unknown main item tag 0x0 [ 575.802657][ T838] hid-generic 0000:007F:FFFFFFFE.002A: unknown main item tag 0x0 [ 575.805135][ T838] hid-generic 0000:007F:FFFFFFFE.002A: unknown main item tag 0x0 [ 575.807666][ T838] hid-generic 0000:007F:FFFFFFFE.002A: unknown main item tag 0x0 [ 575.811132][ T838] hid-generic 0000:007F:FFFFFFFE.002A: hidraw1: HID v0.00 Device [syz1] on syz0 [ 575.841730][T14426] fido_id[14426]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 575.878196][ C3] vcan0: j1939_tp_rxtimer: 0xffff88806f71f800: rx timeout, send abort [ 575.881683][ C3] vcan0: j1939_tp_rxtimer: 0xffff88806f71cc00: abort rx timeout. Force session deactivation [ 576.380915][ C3] vcan0: j1939_tp_rxtimer: 0xffff88806f71f800: abort rx timeout. Force session deactivation [ 576.769175][T14457] bond0: (slave rose0): Error: Device is in use and cannot be enslaved [ 577.014276][ C2] vcan0: j1939_tp_rxtimer: 0xffff88801d75ec00: rx timeout, send abort [ 577.519099][ C2] vcan0: j1939_tp_rxtimer: 0xffff88801d75c800: rx timeout, send abort [ 577.521649][ C2] vcan0: j1939_tp_rxtimer: 0xffff88801d75ec00: abort rx timeout. Force session deactivation [ 577.584706][T14469] block nbd2: shutting down sockets [ 578.021678][ C2] vcan0: j1939_tp_rxtimer: 0xffff88801d75c800: abort rx timeout. Force session deactivation [ 578.521240][T14492] netlink: 'syz.0.2208': attribute type 1 has an invalid length. [ 578.533870][T14492] 8021q: adding VLAN 0 to HW filter on device bond13 [ 578.875309][T14506] netlink: 'syz.1.2211': attribute type 6 has an invalid length. [ 579.207738][T14510] nfs: Bad value for 'source' [ 580.225458][T14511] block nbd1: shutting down sockets [ 580.772972][T14533] netlink: 36 bytes leftover after parsing attributes in process `syz.0.2219'. [ 582.258918][T14567] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2224'. [ 582.534934][ C0] vcan0: j1939_tp_rxtimer: 0xffff88805fa0d800: rx timeout, send abort [ 583.034992][ C0] vcan0: j1939_tp_rxtimer: 0xffff88805fa0e000: rx timeout, send abort [ 583.038464][ C0] vcan0: j1939_tp_rxtimer: 0xffff88805fa0d800: abort rx timeout. Force session deactivation [ 583.281960][T14602] netlink: 36 bytes leftover after parsing attributes in process `syz.1.2233'. [ 583.537671][ C0] vcan0: j1939_tp_rxtimer: 0xffff88805fa0e000: abort rx timeout. Force session deactivation [ 584.312927][T14646] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2237'. [ 585.273899][T13954] hid-generic 0000:007F:FFFFFFFE.002B: unknown main item tag 0x0 [ 585.276364][T13954] hid-generic 0000:007F:FFFFFFFE.002B: unknown main item tag 0x0 [ 585.289065][T13954] hid-generic 0000:007F:FFFFFFFE.002B: unknown main item tag 0x0 [ 585.291694][T13954] hid-generic 0000:007F:FFFFFFFE.002B: unknown main item tag 0x0 [ 585.296157][T13954] hid-generic 0000:007F:FFFFFFFE.002B: unknown main item tag 0x0 [ 585.299448][T13954] hid-generic 0000:007F:FFFFFFFE.002B: unknown main item tag 0x0 [ 585.302904][T13954] hid-generic 0000:007F:FFFFFFFE.002B: unknown main item tag 0x0 [ 585.305955][T13954] hid-generic 0000:007F:FFFFFFFE.002B: unknown main item tag 0x0 [ 585.308532][T13954] hid-generic 0000:007F:FFFFFFFE.002B: unknown main item tag 0x0 [ 585.315658][T13954] hid-generic 0000:007F:FFFFFFFE.002B: unknown main item tag 0x0 [ 585.318926][T13954] hid-generic 0000:007F:FFFFFFFE.002B: unknown main item tag 0x0 [ 585.321937][T13954] hid-generic 0000:007F:FFFFFFFE.002B: unknown main item tag 0x0 [ 585.325144][T13954] hid-generic 0000:007F:FFFFFFFE.002B: unknown main item tag 0x0 [ 585.328234][T13954] hid-generic 0000:007F:FFFFFFFE.002B: unknown main item tag 0x0 [ 585.331408][T13954] hid-generic 0000:007F:FFFFFFFE.002B: unknown main item tag 0x0 [ 585.334120][T13954] hid-generic 0000:007F:FFFFFFFE.002B: unknown main item tag 0x0 [ 585.336565][T13954] hid-generic 0000:007F:FFFFFFFE.002B: unknown main item tag 0x0 [ 585.339101][T13954] hid-generic 0000:007F:FFFFFFFE.002B: unknown main item tag 0x0 [ 585.341502][T13954] hid-generic 0000:007F:FFFFFFFE.002B: unknown main item tag 0x0 [ 585.345996][T13954] hid-generic 0000:007F:FFFFFFFE.002B: unknown main item tag 0x0 [ 585.348723][T13954] hid-generic 0000:007F:FFFFFFFE.002B: unknown main item tag 0x0 [ 585.351128][T13954] hid-generic 0000:007F:FFFFFFFE.002B: unknown main item tag 0x0 [ 585.353781][T13954] hid-generic 0000:007F:FFFFFFFE.002B: unknown main item tag 0x0 [ 585.356255][T13954] hid-generic 0000:007F:FFFFFFFE.002B: unknown main item tag 0x0 [ 585.358820][T13954] hid-generic 0000:007F:FFFFFFFE.002B: unknown main item tag 0x0 [ 585.361219][T13954] hid-generic 0000:007F:FFFFFFFE.002B: unknown main item tag 0x0 [ 585.364907][T13954] hid-generic 0000:007F:FFFFFFFE.002B: unknown main item tag 0x0 [ 585.367359][T13954] hid-generic 0000:007F:FFFFFFFE.002B: unknown main item tag 0x0 [ 585.369915][T13954] hid-generic 0000:007F:FFFFFFFE.002B: unknown main item tag 0x0 [ 585.372770][T13954] hid-generic 0000:007F:FFFFFFFE.002B: unknown main item tag 0x0 [ 585.375184][T13954] hid-generic 0000:007F:FFFFFFFE.002B: unknown main item tag 0x0 [ 585.377584][T13954] hid-generic 0000:007F:FFFFFFFE.002B: unknown main item tag 0x0 [ 585.380153][T13954] hid-generic 0000:007F:FFFFFFFE.002B: unknown main item tag 0x0 [ 585.382751][T13954] hid-generic 0000:007F:FFFFFFFE.002B: unknown main item tag 0x0 [ 585.388095][T13954] hid-generic 0000:007F:FFFFFFFE.002B: unknown main item tag 0x0 [ 585.391449][T13954] hid-generic 0000:007F:FFFFFFFE.002B: unknown main item tag 0x0 [ 585.395505][T13954] hid-generic 0000:007F:FFFFFFFE.002B: unknown main item tag 0x0 [ 585.402693][T13954] hid-generic 0000:007F:FFFFFFFE.002B: unknown main item tag 0x0 [ 585.408200][T13954] hid-generic 0000:007F:FFFFFFFE.002B: unknown main item tag 0x0 [ 585.414894][T13954] hid-generic 0000:007F:FFFFFFFE.002B: unknown main item tag 0x0 [ 585.420685][T13954] hid-generic 0000:007F:FFFFFFFE.002B: unknown main item tag 0x0 [ 585.423503][T13954] hid-generic 0000:007F:FFFFFFFE.002B: unknown main item tag 0x0 [ 585.426138][T13954] hid-generic 0000:007F:FFFFFFFE.002B: unknown main item tag 0x0 [ 585.431118][T13954] hid-generic 0000:007F:FFFFFFFE.002B: hidraw1: HID v0.00 Device [syz1] on syz0 [ 585.480967][T14685] fido_id[14685]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 586.216100][T14700] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2247'. [ 587.743713][T13954] hid-generic 0000:007F:FFFFFFFE.002C: unknown main item tag 0x0 [ 587.747516][T13954] hid-generic 0000:007F:FFFFFFFE.002C: unknown main item tag 0x0 [ 587.750105][T13954] hid-generic 0000:007F:FFFFFFFE.002C: unknown main item tag 0x0 [ 587.754345][T13954] hid-generic 0000:007F:FFFFFFFE.002C: unknown main item tag 0x0 [ 587.758048][T13954] hid-generic 0000:007F:FFFFFFFE.002C: unknown main item tag 0x0 [ 587.761096][T13954] hid-generic 0000:007F:FFFFFFFE.002C: unknown main item tag 0x0 [ 587.766051][T13954] hid-generic 0000:007F:FFFFFFFE.002C: unknown main item tag 0x0 [ 587.769245][T13954] hid-generic 0000:007F:FFFFFFFE.002C: unknown main item tag 0x0 [ 587.772310][T13954] hid-generic 0000:007F:FFFFFFFE.002C: unknown main item tag 0x0 [ 587.775680][T13954] hid-generic 0000:007F:FFFFFFFE.002C: unknown main item tag 0x0 [ 587.778899][T13954] hid-generic 0000:007F:FFFFFFFE.002C: unknown main item tag 0x0 [ 587.782001][T13954] hid-generic 0000:007F:FFFFFFFE.002C: unknown main item tag 0x0 [ 587.785543][T13954] hid-generic 0000:007F:FFFFFFFE.002C: unknown main item tag 0x0 [ 587.788825][T13954] hid-generic 0000:007F:FFFFFFFE.002C: unknown main item tag 0x0 [ 587.791315][T13954] hid-generic 0000:007F:FFFFFFFE.002C: unknown main item tag 0x0 [ 587.794016][T13954] hid-generic 0000:007F:FFFFFFFE.002C: unknown main item tag 0x0 [ 587.796550][T13954] hid-generic 0000:007F:FFFFFFFE.002C: unknown main item tag 0x0 [ 587.799182][T13954] hid-generic 0000:007F:FFFFFFFE.002C: unknown main item tag 0x0 [ 587.801675][T13954] hid-generic 0000:007F:FFFFFFFE.002C: unknown main item tag 0x0 [ 587.805968][T13954] hid-generic 0000:007F:FFFFFFFE.002C: unknown main item tag 0x0 [ 587.809137][T13954] hid-generic 0000:007F:FFFFFFFE.002C: unknown main item tag 0x0 [ 587.811696][T13954] hid-generic 0000:007F:FFFFFFFE.002C: unknown main item tag 0x0 [ 587.814444][T13954] hid-generic 0000:007F:FFFFFFFE.002C: unknown main item tag 0x0 [ 587.817067][T13954] hid-generic 0000:007F:FFFFFFFE.002C: unknown main item tag 0x0 [ 587.819691][T13954] hid-generic 0000:007F:FFFFFFFE.002C: unknown main item tag 0x0 [ 587.822283][T13954] hid-generic 0000:007F:FFFFFFFE.002C: unknown main item tag 0x0 [ 587.825737][T13954] hid-generic 0000:007F:FFFFFFFE.002C: unknown main item tag 0x0 [ 587.828604][T13954] hid-generic 0000:007F:FFFFFFFE.002C: unknown main item tag 0x0 [ 587.834149][T13954] hid-generic 0000:007F:FFFFFFFE.002C: unknown main item tag 0x0 [ 587.838685][T13954] hid-generic 0000:007F:FFFFFFFE.002C: unknown main item tag 0x0 [ 587.847596][T13954] hid-generic 0000:007F:FFFFFFFE.002C: unknown main item tag 0x0 [ 587.860897][T13954] hid-generic 0000:007F:FFFFFFFE.002C: unknown main item tag 0x0 [ 587.866683][T14739] netlink: 'syz.1.2253': attribute type 1 has an invalid length. [ 587.872806][T13954] hid-generic 0000:007F:FFFFFFFE.002C: unknown main item tag 0x0 [ 587.883661][T13954] hid-generic 0000:007F:FFFFFFFE.002C: unknown main item tag 0x0 [ 587.894799][T13954] hid-generic 0000:007F:FFFFFFFE.002C: unknown main item tag 0x0 [ 587.896187][T14739] 8021q: adding VLAN 0 to HW filter on device bond12 [ 587.902537][T13954] hid-generic 0000:007F:FFFFFFFE.002C: unknown main item tag 0x0 [ 587.905166][T13954] hid-generic 0000:007F:FFFFFFFE.002C: unknown main item tag 0x0 [ 587.909361][T13954] hid-generic 0000:007F:FFFFFFFE.002C: unknown main item tag 0x0 [ 587.920861][T13954] hid-generic 0000:007F:FFFFFFFE.002C: unknown main item tag 0x0 [ 587.926787][T13954] hid-generic 0000:007F:FFFFFFFE.002C: unknown main item tag 0x0 [ 587.931092][T13954] hid-generic 0000:007F:FFFFFFFE.002C: unknown main item tag 0x0 [ 587.934064][T13954] hid-generic 0000:007F:FFFFFFFE.002C: unknown main item tag 0x0 [ 587.936537][T13954] hid-generic 0000:007F:FFFFFFFE.002C: unknown main item tag 0x0 [ 587.947100][T13954] hid-generic 0000:007F:FFFFFFFE.002C: hidraw1: HID v0.00 Device [syz1] on syz0 [ 587.974673][T14745] fido_id[14745]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 588.191511][ C0] vcan0: j1939_tp_rxtimer: 0xffff88802b14f400: rx timeout, send abort [ 588.691575][ C0] vcan0: j1939_tp_rxtimer: 0xffff88802b14c000: rx timeout, send abort [ 588.702528][ C0] vcan0: j1939_tp_rxtimer: 0xffff88802b14f400: abort rx timeout. Force session deactivation [ 589.194471][ C0] vcan0: j1939_tp_rxtimer: 0xffff88802b14c000: abort rx timeout. Force session deactivation [ 589.750194][T14805] netlink: 36 bytes leftover after parsing attributes in process `syz.0.2264'. [ 589.887417][T14818] bond0: (slave rose0): Error: Device is in use and cannot be enslaved [ 590.044891][ C0] vcan0: j1939_tp_rxtimer: 0xffff88805c494800: rx timeout, send abort [ 590.544919][ C0] vcan0: j1939_tp_rxtimer: 0xffff88805c495000: rx timeout, send abort [ 590.548590][ C0] vcan0: j1939_tp_rxtimer: 0xffff88805c494800: abort rx timeout. Force session deactivation [ 591.048318][ C0] vcan0: j1939_tp_rxtimer: 0xffff88805c495000: abort rx timeout. Force session deactivation [ 591.284477][T14861] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2271'. [ 593.231002][T14926] FAULT_INJECTION: forcing a failure. [ 593.231002][T14926] name failslab, interval 1, probability 0, space 0, times 0 [ 593.235425][T14926] CPU: 2 UID: 0 PID: 14926 Comm: syz.3.2279 Not tainted 6.16.0-rc4-syzkaller-00013-g66701750d556 #0 PREEMPT(full) [ 593.235442][T14926] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 593.235449][T14926] Call Trace: [ 593.235453][T14926] [ 593.235457][T14926] dump_stack_lvl+0x16c/0x1f0 [ 593.235493][T14926] should_fail_ex+0x512/0x640 [ 593.235511][T14926] ? kmem_cache_alloc_node_noprof+0x5e/0x3b0 [ 593.235529][T14926] should_failslab+0xc2/0x120 [ 593.235539][T14926] kmem_cache_alloc_node_noprof+0x71/0x3b0 [ 593.235555][T14926] ? __alloc_skb+0x2b2/0x380 [ 593.235572][T14926] __alloc_skb+0x2b2/0x380 [ 593.235587][T14926] ? __pfx___alloc_skb+0x10/0x10 [ 593.235603][T14926] ? __pfx_netlink_autobind.isra.0+0x10/0x10 [ 593.235618][T14926] netlink_alloc_large_skb+0x69/0x130 [ 593.235630][T14926] netlink_sendmsg+0x6a1/0xdd0 [ 593.235644][T14926] ? __pfx_netlink_sendmsg+0x10/0x10 [ 593.235656][T14926] ? __import_iovec+0x1dd/0x650 [ 593.235676][T14926] ____sys_sendmsg+0xa98/0xc70 [ 593.235690][T14926] ? __pfx_____sys_sendmsg+0x10/0x10 [ 593.235701][T14926] ? get_compat_msghdr+0x11a/0x170 [ 593.235724][T14926] ___sys_sendmsg+0x134/0x1d0 [ 593.235740][T14926] ? __pfx____sys_sendmsg+0x10/0x10 [ 593.235763][T14926] ? find_held_lock+0x2b/0x80 [ 593.235787][T14926] __sys_sendmsg+0x16d/0x220 [ 593.235803][T14926] ? __pfx___sys_sendmsg+0x10/0x10 [ 593.235825][T14926] ? rcu_is_watching+0x12/0xc0 [ 593.235838][T14926] __do_fast_syscall_32+0x7c/0x3a0 [ 593.235856][T14926] do_fast_syscall_32+0x32/0x80 [ 593.235872][T14926] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 593.235885][T14926] RIP: 0023:0xf710e579 [ 593.235894][T14926] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 593.235904][T14926] RSP: 002b:00000000f50fe55c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 593.235914][T14926] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080006000 [ 593.235921][T14926] RDX: 0000000000028000 RSI: 0000000000000000 RDI: 0000000000000000 [ 593.235927][T14926] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 593.235933][T14926] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 593.235939][T14926] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 593.235952][T14926] [ 598.685239][ T5944] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 598.690359][ T5944] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 598.729373][ T5944] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 598.733649][ T5944] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 598.739179][ T5944] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 598.754625][ T5952] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 598.757200][ T5952] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 598.762738][ T5952] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 598.777341][ T5952] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 598.787500][ T5952] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 598.956405][ T46] netdevsim netdevsim2 eth3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 598.960240][ T46] netdevsim netdevsim2 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 598.977469][T15023] chnl_net:caif_netlink_parms(): no params data found [ 599.046498][ T46] netdevsim netdevsim2 eth2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 599.049388][ T46] netdevsim netdevsim2 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 599.108012][T15023] bridge0: port 1(bridge_slave_0) entered blocking state [ 599.110334][T15023] bridge0: port 1(bridge_slave_0) entered disabled state [ 599.114125][T15023] bridge_slave_0: entered allmulticast mode [ 599.116779][T15023] bridge_slave_0: entered promiscuous mode [ 599.119786][T15023] bridge0: port 2(bridge_slave_1) entered blocking state [ 599.122007][T15023] bridge0: port 2(bridge_slave_1) entered disabled state [ 599.124761][T15023] bridge_slave_1: entered allmulticast mode [ 599.127390][T15023] bridge_slave_1: entered promiscuous mode [ 599.165693][T15023] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 599.170466][T15023] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 599.234035][ T46] netdevsim netdevsim2 eth1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 599.237118][ T46] netdevsim netdevsim2 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 599.265805][T15023] team0: Port device team_slave_0 added [ 599.270010][T15023] team0: Port device team_slave_1 added [ 599.338448][T15023] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 599.340607][T15023] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 599.350531][T15023] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 599.356612][ T46] netdevsim netdevsim2 eth0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 599.359617][ T46] netdevsim netdevsim2 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 599.371082][T15023] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 599.374624][T15023] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 599.384081][T15023] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 599.480987][T15023] hsr_slave_0: entered promiscuous mode [ 599.483532][T15023] hsr_slave_1: entered promiscuous mode [ 599.490562][T15023] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 599.495422][T15023] Cannot create hsr debugfs directory [ 599.688397][ T46] bridge_slave_1: left allmulticast mode [ 599.690465][ T46] bridge_slave_1: left promiscuous mode [ 599.693265][ T46] bridge0: port 2(bridge_slave_1) entered disabled state [ 599.700063][ T46] bridge_slave_0: left allmulticast mode [ 599.701971][ T46] bridge0: port 1(bridge_slave_0) entered disabled state [ 600.499689][T15057] netlink: 'syz.0.2298': attribute type 1 has an invalid length. [ 600.862331][ T46] bond1 (unregistering): (slave gretap1): Releasing active interface [ 600.893376][ T5944] Bluetooth: hci1: command tx timeout [ 601.292492][ T46] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 601.297790][ T46] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 601.303497][ T46] bond0 (unregistering): (slave wlan1): Releasing backup interface [ 601.307802][ T46] bond0 (unregistering): Released all slaves [ 601.390323][ T46] bond1 (unregistering): Released all slaves [ 601.483600][ T46] bond2 (unregistering): Released all slaves [ 601.569914][ T46] bond3 (unregistering): Released all slaves [ 601.647632][ T46] bond4 (unregistering): Released all slaves [ 601.711855][ T46] bond5 (unregistering): Released all slaves [ 601.783827][ T46] bond6 (unregistering): Released all slaves [ 601.855586][ T46] bond7 (unregistering): Released all slaves [ 601.932167][ T46] bond8 (unregistering): Released all slaves [ 602.009306][ T46] bond9 (unregistering): Released all slaves [ 602.077256][ T46] bond10 (unregistering): Released all slaves [ 602.144619][ T46] bond11 (unregistering): Released all slaves [ 602.215857][ T46] bond12 (unregistering): Released all slaves [ 602.298017][ T46] bond13 (unregistering): Released all slaves [ 602.367075][ T46] bond14 (unregistering): Released all slaves [ 602.434065][ T46] bond15 (unregistering): Released all slaves [ 602.506456][ T46] bond16 (unregistering): Released all slaves [ 602.575595][ T46] bond17 (unregistering): Released all slaves [ 602.645241][ T46] bond18 (unregistering): Released all slaves [ 602.731725][ T46] bond19 (unregistering): Released all slaves [ 602.798135][ T46] bond20 (unregistering): Released all slaves [ 602.866604][ T46] bond21 (unregistering): Released all slaves [ 602.936934][ T46] bond22 (unregistering): Released all slaves [ 602.962962][ T5944] Bluetooth: hci1: command tx timeout [ 603.005524][ T46] bond23 (unregistering): Released all slaves [ 603.071291][ T46] bond24 (unregistering): Released all slaves [ 603.093729][T15057] workqueue: Failed to create a rescuer kthread for wq "bond14": -EINTR [ 603.257691][ T46] : left promiscuous mode [ 603.349526][ T46] tipc: Disabling bearer [ 603.351455][ T46] tipc: Left network mode [ 603.377916][ T46] IPVS: stopping master sync thread 10791 ... [ 603.747677][ T46] hsr_slave_0: left promiscuous mode [ 603.756359][ T46] hsr_slave_1: left promiscuous mode [ 603.758614][ T46] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 603.761060][ T46] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 603.765706][ T46] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 603.768082][ T46] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 603.801147][ T46] veth1_macvtap: left promiscuous mode [ 603.804425][ T46] veth0_macvtap: left promiscuous mode [ 603.806325][ T46] veth1_vlan: left promiscuous mode [ 603.808038][ T46] veth0_vlan: left promiscuous mode [ 604.206133][T15107] TCP: request_sock_TCPv6: Possible SYN flooding on port [::]:20002. Sending cookies. [ 604.443075][ T46] team0 (unregistering): Port device team_slave_1 removed [ 604.521357][ T46] team0 (unregistering): Port device team_slave_0 removed [ 605.042582][ T5944] Bluetooth: hci1: command tx timeout [ 606.069771][T15023] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 606.087424][T15023] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 606.099810][T15023] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 606.111213][T15023] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 606.175335][T15023] 8021q: adding VLAN 0 to HW filter on device bond0 [ 606.184167][T15023] 8021q: adding VLAN 0 to HW filter on device team0 [ 606.211695][T15023] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 606.215083][T15023] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 606.237070][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 606.240084][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 606.254175][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 606.257850][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 606.495717][T15023] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 606.533555][T15023] veth0_vlan: entered promiscuous mode [ 606.546619][T15023] veth1_vlan: entered promiscuous mode [ 606.631473][T15023] veth0_macvtap: entered promiscuous mode [ 606.640027][T15023] veth1_macvtap: entered promiscuous mode [ 606.815872][T15023] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 606.832261][T15023] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 606.849415][T15023] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 606.856855][T15023] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 606.862509][T15023] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 606.867338][T15023] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 606.935376][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 606.938449][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 606.966388][ T8035] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 606.969704][ T8035] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 607.126780][ T5944] Bluetooth: hci1: command tx timeout [ 608.260398][ T5952] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 608.266400][ T5952] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 608.270001][ T5952] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 608.274604][ T5952] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 608.277276][ T5952] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 608.398506][T15177] block nbd3: shutting down sockets [ 608.625054][T15195] chnl_net:caif_netlink_parms(): no params data found [ 609.595399][ T8032] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 609.649509][T15195] bridge0: port 1(bridge_slave_0) entered blocking state [ 609.652093][T15195] bridge0: port 1(bridge_slave_0) entered disabled state [ 609.654837][T15195] bridge_slave_0: entered allmulticast mode [ 609.657764][T15195] bridge_slave_0: entered promiscuous mode [ 609.674901][T15195] bridge0: port 2(bridge_slave_1) entered blocking state [ 609.677235][T15195] bridge0: port 2(bridge_slave_1) entered disabled state [ 609.679577][T15195] bridge_slave_1: entered allmulticast mode [ 609.685402][T15195] bridge_slave_1: entered promiscuous mode [ 609.701721][ T8032] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 609.738924][T15195] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 609.744550][T15195] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 609.783944][T15195] team0: Port device team_slave_0 added [ 609.787413][T15195] team0: Port device team_slave_1 added [ 609.823672][T15195] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 609.825818][T15195] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 609.835315][T15195] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 609.917310][T15228] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2317'. [ 610.145835][ T8032] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 610.155119][T15195] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 610.157863][T15195] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 610.167833][T15195] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 610.243912][ T8032] bridge0: port 3(netdevsim0) entered disabled state [ 610.260040][ T8032] netdevsim netdevsim1 netdevsim0 (unregistering): left allmulticast mode [ 610.264175][ T8032] netdevsim netdevsim1 netdevsim0 (unregistering): left promiscuous mode [ 610.269367][ T8032] bridge0: port 3(netdevsim0) entered disabled state [ 610.278695][ T8032] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 610.291108][T15195] hsr_slave_0: entered promiscuous mode [ 610.294983][T15195] hsr_slave_1: entered promiscuous mode [ 610.297075][T15195] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 610.299997][T15195] Cannot create hsr debugfs directory [ 610.322628][ T5952] Bluetooth: hci4: command tx timeout [ 610.486729][ T8032] bridge_slave_1: left allmulticast mode [ 610.488576][ T8032] bridge_slave_1: left promiscuous mode [ 610.490563][ T8032] bridge0: port 2(bridge_slave_1) entered disabled state [ 610.495195][ T8032] bridge_slave_0: left allmulticast mode [ 610.497106][ T8032] bridge_slave_0: left promiscuous mode [ 610.499023][ T8032] bridge0: port 1(bridge_slave_0) entered disabled state [ 610.619799][ T8032] bond1 (unregistering): (slave gretap1): Releasing active interface [ 610.658749][ T8032] team0: Port device geneve0 removed [ 610.836190][ T8032] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 610.840559][ T8032] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 610.845246][ T8032] bond0 (unregistering): (slave wlan1): Releasing backup interface [ 610.848378][ T8032] bond0 (unregistering): Released all slaves [ 610.929434][ T8032] bond1 (unregistering): Released all slaves [ 611.015805][ T8032] bond2 (unregistering): Released all slaves [ 611.095175][ T8032] bond3 (unregistering): Released all slaves [ 611.224844][ T8032] bond4 (unregistering): Released all slaves [ 611.345108][T15242] netlink: 36 bytes leftover after parsing attributes in process `syz.3.2320'. [ 611.424668][ T8032] bond5 (unregistering): Released all slaves [ 611.504625][ T8032] bond6 (unregistering): Released all slaves [ 611.512636][T15248] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2321'. [ 611.590471][ T8032] bond7 (unregistering): Released all slaves [ 611.752277][ T8032] bond8 (unregistering): Released all slaves [ 611.839743][ T8032] bond9 (unregistering): Released all slaves [ 611.920233][ T8032] bond10 (unregistering): Released all slaves [ 612.002766][ T8032] bond11 (unregistering): Released all slaves [ 612.077542][ T8032] bond12 (unregistering): Released all slaves [ 612.402817][ T5952] Bluetooth: hci4: command tx timeout [ 612.640966][T15116] hid-generic 0000:007F:FFFFFFFE.002D: unknown main item tag 0x0 [ 612.645790][T15116] hid-generic 0000:007F:FFFFFFFE.002D: unknown main item tag 0x0 [ 612.648234][T15116] hid-generic 0000:007F:FFFFFFFE.002D: unknown main item tag 0x0 [ 612.651100][T15116] hid-generic 0000:007F:FFFFFFFE.002D: unknown main item tag 0x0 [ 612.656087][T15116] hid-generic 0000:007F:FFFFFFFE.002D: unknown main item tag 0x0 [ 612.658517][T15116] hid-generic 0000:007F:FFFFFFFE.002D: unknown main item tag 0x0 [ 612.660986][T15116] hid-generic 0000:007F:FFFFFFFE.002D: unknown main item tag 0x0 [ 612.664544][T15116] hid-generic 0000:007F:FFFFFFFE.002D: unknown main item tag 0x0 [ 612.667819][T15116] hid-generic 0000:007F:FFFFFFFE.002D: unknown main item tag 0x0 [ 612.670341][T15116] hid-generic 0000:007F:FFFFFFFE.002D: unknown main item tag 0x0 [ 612.673348][T15116] hid-generic 0000:007F:FFFFFFFE.002D: unknown main item tag 0x0 [ 612.675814][T15116] hid-generic 0000:007F:FFFFFFFE.002D: unknown main item tag 0x0 [ 612.678382][T15116] hid-generic 0000:007F:FFFFFFFE.002D: unknown main item tag 0x0 [ 612.680797][T15116] hid-generic 0000:007F:FFFFFFFE.002D: unknown main item tag 0x0 [ 612.683475][T15116] hid-generic 0000:007F:FFFFFFFE.002D: unknown main item tag 0x0 [ 612.686058][T15116] hid-generic 0000:007F:FFFFFFFE.002D: unknown main item tag 0x0 [ 612.688558][T15116] hid-generic 0000:007F:FFFFFFFE.002D: unknown main item tag 0x0 [ 612.690969][T15116] hid-generic 0000:007F:FFFFFFFE.002D: unknown main item tag 0x0 [ 612.693680][T15116] hid-generic 0000:007F:FFFFFFFE.002D: unknown main item tag 0x0 [ 612.696243][T15116] hid-generic 0000:007F:FFFFFFFE.002D: unknown main item tag 0x0 [ 612.698711][T15116] hid-generic 0000:007F:FFFFFFFE.002D: unknown main item tag 0x0 [ 612.701106][T15116] hid-generic 0000:007F:FFFFFFFE.002D: unknown main item tag 0x0 [ 612.703840][T15116] hid-generic 0000:007F:FFFFFFFE.002D: unknown main item tag 0x0 [ 612.706588][T15116] hid-generic 0000:007F:FFFFFFFE.002D: unknown main item tag 0x0 [ 612.709096][T15116] hid-generic 0000:007F:FFFFFFFE.002D: unknown main item tag 0x0 [ 612.711562][T15116] hid-generic 0000:007F:FFFFFFFE.002D: unknown main item tag 0x0 [ 612.714434][T15116] hid-generic 0000:007F:FFFFFFFE.002D: unknown main item tag 0x0 [ 612.717052][T15116] hid-generic 0000:007F:FFFFFFFE.002D: unknown main item tag 0x0 [ 612.719668][T15116] hid-generic 0000:007F:FFFFFFFE.002D: unknown main item tag 0x0 [ 612.722094][T15116] hid-generic 0000:007F:FFFFFFFE.002D: unknown main item tag 0x0 [ 612.727080][T15116] hid-generic 0000:007F:FFFFFFFE.002D: unknown main item tag 0x0 [ 612.729496][T15116] hid-generic 0000:007F:FFFFFFFE.002D: unknown main item tag 0x0 [ 612.732001][T15116] hid-generic 0000:007F:FFFFFFFE.002D: unknown main item tag 0x0 [ 612.735423][T15116] hid-generic 0000:007F:FFFFFFFE.002D: unknown main item tag 0x0 [ 612.738046][T15116] hid-generic 0000:007F:FFFFFFFE.002D: unknown main item tag 0x0 [ 612.740482][T15116] hid-generic 0000:007F:FFFFFFFE.002D: unknown main item tag 0x0 [ 612.744105][T15116] hid-generic 0000:007F:FFFFFFFE.002D: unknown main item tag 0x0 [ 612.746701][T15116] hid-generic 0000:007F:FFFFFFFE.002D: unknown main item tag 0x0 [ 612.749183][T15116] hid-generic 0000:007F:FFFFFFFE.002D: unknown main item tag 0x0 [ 612.751646][T15116] hid-generic 0000:007F:FFFFFFFE.002D: unknown main item tag 0x0 [ 612.754407][T15116] hid-generic 0000:007F:FFFFFFFE.002D: unknown main item tag 0x0 [ 612.756992][T15116] hid-generic 0000:007F:FFFFFFFE.002D: unknown main item tag 0x0 [ 612.759490][T15116] hid-generic 0000:007F:FFFFFFFE.002D: unknown main item tag 0x0 [ 612.764356][T15116] hid-generic 0000:007F:FFFFFFFE.002D: hidraw1: HID v0.00 Device [syz1] on syz0 [ 612.812816][T15280] fido_id[15280]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 612.844880][T15195] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 612.849058][T15195] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 612.853601][T15195] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 612.858354][T15195] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 612.932323][T15195] 8021q: adding VLAN 0 to HW filter on device bond0 [ 612.945330][T15195] 8021q: adding VLAN 0 to HW filter on device team0 [ 612.950450][ T46] bridge0: port 1(bridge_slave_0) entered blocking state [ 612.952764][ T46] bridge0: port 1(bridge_slave_0) entered forwarding state [ 612.977237][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 612.979512][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 613.151289][T15195] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 613.182315][T15195] veth0_vlan: entered promiscuous mode [ 613.189056][T15195] veth1_vlan: entered promiscuous mode [ 613.203384][T15195] veth0_macvtap: entered promiscuous mode [ 613.206850][T15195] veth1_macvtap: entered promiscuous mode [ 613.216091][T15195] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 613.222013][T15195] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 613.225738][T15195] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 613.228465][T15195] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 613.231167][T15195] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 613.235314][T15195] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 613.273549][ T46] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 613.276000][ T46] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 613.291516][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 613.295002][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 613.375704][T15308] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2312'. [ 613.684613][ T8032] : left promiscuous mode [ 613.760687][ T8032] tipc: Disabling bearer [ 613.764733][ T8032] tipc: Left network mode [ 613.773769][ T8032] IPVS: stopping master sync thread 11233 ... [ 614.059582][T15314] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2329'. [ 614.211446][ T8032] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 614.217614][ T8032] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 614.238938][ T8032] veth1_macvtap: left promiscuous mode [ 614.240759][ T8032] veth0_macvtap: left promiscuous mode [ 614.242863][ T8032] veth1_vlan: left promiscuous mode [ 614.244546][ T8032] veth0_vlan: left promiscuous mode [ 614.485703][ T5952] Bluetooth: hci4: command tx timeout [ 614.539084][T15335] netlink: 36 bytes leftover after parsing attributes in process `syz.2.2331'. [ 614.923576][ T8032] team0 (unregistering): Port device team_slave_1 removed [ 615.021224][ T8032] team0 (unregistering): Port device team_slave_0 removed [ 615.779143][T15355] IPVS: sync thread started: state = MASTER, mcast_ifn = geneve0, syncid = 10802, id = 0 [ 616.568732][ T5952] Bluetooth: hci4: command tx timeout [ 617.282418][T15377] netlink: 252 bytes leftover after parsing attributes in process `syz.3.2339'. [ 617.350492][ T61] hid-generic 0000:007F:FFFFFFFE.002E: unknown main item tag 0x0 [ 617.355815][ T61] hid-generic 0000:007F:FFFFFFFE.002E: unknown main item tag 0x0 [ 617.358287][ T61] hid-generic 0000:007F:FFFFFFFE.002E: unknown main item tag 0x0 [ 617.360742][ T61] hid-generic 0000:007F:FFFFFFFE.002E: unknown main item tag 0x0 [ 617.363509][ T61] hid-generic 0000:007F:FFFFFFFE.002E: unknown main item tag 0x0 [ 617.366027][ T61] hid-generic 0000:007F:FFFFFFFE.002E: unknown main item tag 0x0 [ 617.368470][ T61] hid-generic 0000:007F:FFFFFFFE.002E: unknown main item tag 0x0 [ 617.370959][ T61] hid-generic 0000:007F:FFFFFFFE.002E: unknown main item tag 0x0 [ 617.374620][ T61] hid-generic 0000:007F:FFFFFFFE.002E: unknown main item tag 0x0 [ 617.377310][ T61] hid-generic 0000:007F:FFFFFFFE.002E: unknown main item tag 0x0 [ 617.380031][ T61] hid-generic 0000:007F:FFFFFFFE.002E: unknown main item tag 0x0 [ 617.382701][T15381] netlink: 'syz.3.2339': attribute type 4 has an invalid length. [ 617.385234][ T61] hid-generic 0000:007F:FFFFFFFE.002E: unknown main item tag 0x0 [ 617.388104][ T61] hid-generic 0000:007F:FFFFFFFE.002E: unknown main item tag 0x0 [ 617.390533][ T61] hid-generic 0000:007F:FFFFFFFE.002E: unknown main item tag 0x0 [ 617.393912][ T61] hid-generic 0000:007F:FFFFFFFE.002E: unknown main item tag 0x0 [ 617.397655][ T61] hid-generic 0000:007F:FFFFFFFE.002E: unknown main item tag 0x0 [ 617.406710][ T61] hid-generic 0000:007F:FFFFFFFE.002E: unknown main item tag 0x0 [ 617.411058][ T61] hid-generic 0000:007F:FFFFFFFE.002E: unknown main item tag 0x0 [ 617.419952][ T61] hid-generic 0000:007F:FFFFFFFE.002E: unknown main item tag 0x0 [ 617.425459][ T61] hid-generic 0000:007F:FFFFFFFE.002E: unknown main item tag 0x0 [ 617.431232][ T61] hid-generic 0000:007F:FFFFFFFE.002E: unknown main item tag 0x0 [ 617.434092][ T61] hid-generic 0000:007F:FFFFFFFE.002E: unknown main item tag 0x0 [ 617.436705][ T61] hid-generic 0000:007F:FFFFFFFE.002E: unknown main item tag 0x0 [ 617.445212][ T61] hid-generic 0000:007F:FFFFFFFE.002E: unknown main item tag 0x0 [ 617.450055][ T61] hid-generic 0000:007F:FFFFFFFE.002E: unknown main item tag 0x0 [ 617.453662][ T61] hid-generic 0000:007F:FFFFFFFE.002E: unknown main item tag 0x0 [ 617.456243][ T61] hid-generic 0000:007F:FFFFFFFE.002E: unknown main item tag 0x0 [ 617.460020][ T61] hid-generic 0000:007F:FFFFFFFE.002E: unknown main item tag 0x0 [ 617.463566][ T61] hid-generic 0000:007F:FFFFFFFE.002E: unknown main item tag 0x0 [ 617.466149][ T61] hid-generic 0000:007F:FFFFFFFE.002E: unknown main item tag 0x0 [ 617.468723][ T61] hid-generic 0000:007F:FFFFFFFE.002E: unknown main item tag 0x0 [ 617.471215][ T61] hid-generic 0000:007F:FFFFFFFE.002E: unknown main item tag 0x0 [ 617.473978][ T61] hid-generic 0000:007F:FFFFFFFE.002E: unknown main item tag 0x0 [ 617.477487][ T61] hid-generic 0000:007F:FFFFFFFE.002E: unknown main item tag 0x0 [ 617.482185][ T61] hid-generic 0000:007F:FFFFFFFE.002E: unknown main item tag 0x0 [ 617.484873][ T61] hid-generic 0000:007F:FFFFFFFE.002E: unknown main item tag 0x0 [ 617.487492][ T61] hid-generic 0000:007F:FFFFFFFE.002E: unknown main item tag 0x0 [ 617.490110][ T61] hid-generic 0000:007F:FFFFFFFE.002E: unknown main item tag 0x0 [ 617.492881][ T61] hid-generic 0000:007F:FFFFFFFE.002E: unknown main item tag 0x0 [ 617.495441][ T61] hid-generic 0000:007F:FFFFFFFE.002E: unknown main item tag 0x0 [ 617.497975][ T61] hid-generic 0000:007F:FFFFFFFE.002E: unknown main item tag 0x0 [ 617.500502][ T61] hid-generic 0000:007F:FFFFFFFE.002E: unknown main item tag 0x0 [ 617.503418][ T61] hid-generic 0000:007F:FFFFFFFE.002E: unknown main item tag 0x0 [ 617.509016][ T61] hid-generic 0000:007F:FFFFFFFE.002E: hidraw1: HID v0.00 Device [syz1] on syz0 [ 617.550755][T15386] fido_id[15386]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 619.020180][T15432] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2347'. [ 619.577675][T15445] IPVS: sync thread started: state = MASTER, mcast_ifn = geneve0, syncid = 10802, id = 0 [ 620.862582][ T61] usb 5-1: new low-speed USB device number 45 using dummy_hcd [ 621.016407][ T61] usb 5-1: config 0 has an invalid interface number: 55 but max is 0 [ 621.019804][ T61] usb 5-1: config 0 has no interface number 0 [ 621.022385][ T61] usb 5-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 621.029483][ T61] usb 5-1: config 0 interface 55 altsetting 0 endpoint 0xE has invalid maxpacket 32, setting to 8 [ 621.035225][ T61] usb 5-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B [ 621.039772][ T61] usb 5-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 10 [ 621.052835][ T61] usb 5-1: config 0 interface 55 altsetting 0 endpoint 0x8B has invalid maxpacket 120, setting to 8 [ 621.057128][ T61] usb 5-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 621.064680][ T61] usb 5-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a [ 621.067998][ T61] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 621.073875][ T61] usb 5-1: config 0 descriptor?? [ 621.076837][T15465] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 621.079652][T15465] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 621.095547][ T61] ldusb 5-1:0.55: LD USB Device #0 now attached to major 180 minor 0 [ 623.468762][ T6116] usb 5-1: USB disconnect, device number 45 [ 623.472071][ T6116] ldusb 5-1:0.55: LD USB Device #0 now disconnected [ 623.779397][ T1414] ieee802154 phy0 wpan0: encryption failed: -22 [ 623.781433][ T1414] ieee802154 phy1 wpan1: encryption failed: -22 [ 626.234618][T15596] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2365'. [ 627.048147][T15606] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2368'. [ 631.668618][T15667] block nbd3: shutting down sockets [ 637.343209][T15784] block nbd3: shutting down sockets [ 637.557407][ C2] vcan0: j1939_tp_rxtimer: 0xffff888012ff5800: rx timeout, send abort [ 637.670066][T15824] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2400'. [ 637.762879][ T5952] Bluetooth: hci1: Controller not accepting commands anymore: ncmd = 0 [ 637.767148][ T5952] Bluetooth: hci1: Injecting HCI hardware error event [ 637.772785][ T5952] Bluetooth: hci1: hardware error 0x00 [ 638.057489][ C2] vcan0: j1939_tp_rxtimer: 0xffff888023c95c00: rx timeout, send abort [ 638.061382][ C2] vcan0: j1939_tp_rxtimer: 0xffff888012ff5800: abort rx timeout. Force session deactivation [ 638.561027][ C2] vcan0: j1939_tp_rxtimer: 0xffff888023c95c00: abort rx timeout. Force session deactivation [ 639.821516][T15876] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2406'. [ 639.923220][ T5952] Bluetooth: hci1: Opcode 0x0c03 failed: -110 [ 640.554946][T15884] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2407'. [ 641.277634][T15882] block nbd3: shutting down sockets [ 641.900140][T15909] netlink: 'syz.1.2415': attribute type 1 has an invalid length. [ 641.914774][T15909] 8021q: adding VLAN 0 to HW filter on device bond1 [ 642.229841][T15913] netlink: 'syz.1.2416': attribute type 4 has an invalid length. [ 642.878850][T15927] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2417'. [ 643.697083][T15935] netlink: 'syz.0.2421': attribute type 1 has an invalid length. [ 643.710924][T15935] 8021q: adding VLAN 0 to HW filter on device bond14 [ 644.507260][T15962] netlink: 'syz.2.2424': attribute type 1 has an invalid length. [ 644.523702][T15962] 8021q: adding VLAN 0 to HW filter on device bond1 [ 646.563662][T15994] netlink: 'syz.0.2431': attribute type 1 has an invalid length. [ 646.575540][T15994] 8021q: adding VLAN 0 to HW filter on device bond15 [ 647.048954][T16006] block nbd0: shutting down sockets [ 648.718517][T16042] netlink: 'syz.0.2443': attribute type 1 has an invalid length. [ 648.786534][T16042] 8021q: adding VLAN 0 to HW filter on device bond16 [ 649.714391][T16068] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2448'. [ 651.528268][T16089] netlink: 'syz.0.2454': attribute type 1 has an invalid length. [ 651.571968][T16089] 8021q: adding VLAN 0 to HW filter on device bond17 [ 651.852528][ T6116] usb 6-1: new full-speed USB device number 33 using dummy_hcd [ 651.992550][ T6116] usb 6-1: device descriptor read/64, error -71 [ 652.242662][ T6116] usb 6-1: new full-speed USB device number 34 using dummy_hcd [ 652.405382][ T6116] usb 6-1: device descriptor read/64, error -71 [ 652.542877][ T6116] usb usb6-port1: attempt power cycle [ 653.142536][ T6116] usb 6-1: new full-speed USB device number 35 using dummy_hcd [ 653.895113][ T6116] usb 6-1: device descriptor read/8, error -71 [ 654.134158][ T6116] usb 6-1: new full-speed USB device number 36 using dummy_hcd [ 654.153260][ T6116] usb 6-1: device descriptor read/8, error -71 [ 654.269500][ T6116] usb usb6-port1: unable to enumerate USB device [ 654.894824][T16162] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2467'. [ 656.031931][T16192] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2469'. [ 656.260081][T16213] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2471'. [ 657.871463][T16245] block nbd2: shutting down sockets [ 657.930239][T16276] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2478'. [ 659.083640][T16287] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2482'. [ 659.752640][T16291] block nbd3: shutting down sockets [ 660.012816][ T5944] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 660.020157][ T5944] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 660.023976][ T5944] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 660.028646][ T5944] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 660.031900][ T5944] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 660.215546][T16324] chnl_net:caif_netlink_parms(): no params data found [ 660.330501][T16324] bridge0: port 1(bridge_slave_0) entered blocking state [ 660.333306][T16324] bridge0: port 1(bridge_slave_0) entered disabled state [ 660.335806][T16324] bridge_slave_0: entered allmulticast mode [ 660.339302][T16324] bridge_slave_0: entered promiscuous mode [ 660.344096][T16324] bridge0: port 2(bridge_slave_1) entered blocking state [ 660.346952][T16324] bridge0: port 2(bridge_slave_1) entered disabled state [ 660.349741][T16324] bridge_slave_1: entered allmulticast mode [ 660.352363][T16324] bridge_slave_1: entered promiscuous mode [ 660.426037][T16324] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 660.537754][T16336] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2488'. [ 660.566690][T16324] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 660.605076][T16324] team0: Port device team_slave_0 added [ 660.608690][T16324] team0: Port device team_slave_1 added [ 660.646663][T16324] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 660.648988][T16324] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 660.657068][T16324] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 660.661417][T16324] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 660.666446][T16324] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 660.674557][T16324] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 660.717235][T16324] hsr_slave_0: entered promiscuous mode [ 660.719524][T16324] hsr_slave_1: entered promiscuous mode [ 660.721584][T16324] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 660.725685][T16324] Cannot create hsr debugfs directory [ 660.801930][ T1139] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 661.214369][ T1139] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 661.323014][ T1139] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 661.399192][ T1139] bridge0: port 3(netdevsim0) entered disabled state [ 661.428861][ T1139] netdevsim netdevsim3 netdevsim0 (unregistering): left allmulticast mode [ 661.431877][ T1139] netdevsim netdevsim3 netdevsim0 (unregistering): left promiscuous mode [ 661.435418][ T1139] bridge0: port 3(netdevsim0) entered disabled state [ 661.440023][ T1139] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 661.576987][ T1139] bridge_slave_1: left allmulticast mode [ 661.579249][ T1139] bridge_slave_1: left promiscuous mode [ 661.581539][ T1139] bridge0: port 2(bridge_slave_1) entered disabled state [ 661.589139][ T1139] bridge_slave_0: left allmulticast mode [ 661.591477][ T1139] bridge_slave_0: left promiscuous mode [ 661.594035][ T1139] bridge0: port 1(bridge_slave_0) entered disabled state [ 661.736374][T16358] netlink: 36 bytes leftover after parsing attributes in process `syz.1.2491'. [ 661.799732][ T1139] bond1 (unregistering): (slave gretap1): Releasing active interface [ 662.046616][T16365] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2492'. [ 662.082783][ T5944] Bluetooth: hci2: command tx timeout [ 662.246644][ T1139] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 662.251042][ T1139] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 662.256667][ T1139] bond0 (unregistering): (slave wlan1): Releasing backup interface [ 662.259775][ T1139] bond0 (unregistering): Released all slaves [ 662.337992][ T1139] bond1 (unregistering): Released all slaves [ 662.418825][ T1139] bond2 (unregistering): Released all slaves [ 662.494539][ T1139] bond3 (unregistering): Released all slaves [ 662.565287][ T1139] bond4 (unregistering): Released all slaves [ 662.637095][ T1139] bond5 (unregistering): Released all slaves [ 662.715155][ T1139] bond6 (unregistering): Released all slaves [ 662.807709][ T1139] bond7 (unregistering): Released all slaves [ 662.914434][ T1139] bond8 (unregistering): Released all slaves [ 663.019174][ T1139] bond9 (unregistering): Released all slaves [ 663.130792][ T1139] bond10 (unregistering): Released all slaves [ 663.266274][ T1139] bond11 (unregistering): Released all slaves [ 663.354038][ T1139] bond12 (unregistering): Released all slaves [ 663.497075][ T1139] tipc: Disabling bearer [ 663.498832][ T1139] tipc: Left network mode [ 663.553105][ T1139] IPVS: stopping master sync thread 10995 ... [ 664.009666][ T1139] hsr_slave_0: left promiscuous mode [ 664.011938][ T1139] hsr_slave_1: left promiscuous mode [ 664.018251][ T1139] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 664.020639][ T1139] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 664.024260][ T1139] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 664.026685][ T1139] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 664.075484][ T1139] veth1_macvtap: left promiscuous mode [ 664.077289][ T1139] veth0_macvtap: left promiscuous mode [ 664.079092][ T1139] veth1_vlan: left promiscuous mode [ 664.080774][ T1139] veth0_vlan: left promiscuous mode [ 664.162638][ T5944] Bluetooth: hci2: command tx timeout [ 665.711014][ T1139] team0 (unregistering): Port device team_slave_1 removed [ 665.783051][ T1139] team0 (unregistering): Port device team_slave_0 removed [ 666.242605][ T5944] Bluetooth: hci2: command tx timeout [ 666.476241][T16324] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 666.481710][T16324] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 666.487322][T16324] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 666.491688][T16324] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 666.674160][T16414] netlink: 'syz.2.2499': attribute type 1 has an invalid length. [ 666.731325][T16414] 8021q: adding VLAN 0 to HW filter on device bond2 [ 666.763046][T16324] 8021q: adding VLAN 0 to HW filter on device bond0 [ 666.787596][T16324] 8021q: adding VLAN 0 to HW filter on device team0 [ 666.806432][T16324] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 666.809658][T16324] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 666.817731][ T8031] bridge0: port 1(bridge_slave_0) entered blocking state [ 666.819982][ T8031] bridge0: port 1(bridge_slave_0) entered forwarding state [ 666.823259][ T8031] bridge0: port 2(bridge_slave_1) entered blocking state [ 666.825508][ T8031] bridge0: port 2(bridge_slave_1) entered forwarding state [ 667.023080][T16436] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2500'. [ 667.139027][T16324] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 667.170235][T16324] veth0_vlan: entered promiscuous mode [ 667.180625][T16324] veth1_vlan: entered promiscuous mode [ 667.209852][T16324] veth0_macvtap: entered promiscuous mode [ 667.217961][T16324] veth1_macvtap: entered promiscuous mode [ 667.231341][T16324] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 667.244245][T16324] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 667.250754][T16324] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 667.256419][T16324] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 667.259169][T16324] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 667.261892][T16324] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 667.309271][ T1139] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 667.311776][ T1139] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 667.325340][ T1139] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 667.328675][ T1139] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 667.830571][T16428] block nbd2: shutting down sockets [ 667.860045][ T5952] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 667.864444][ T5952] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 667.867411][ T5952] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 667.871511][ T5952] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 667.874388][ T5952] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 668.101705][ T8032] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 668.168639][T16448] chnl_net:caif_netlink_parms(): no params data found [ 668.245875][ T8032] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 668.322726][ T5944] Bluetooth: hci2: command tx timeout [ 668.335737][T16448] bridge0: port 1(bridge_slave_0) entered blocking state [ 668.338029][T16448] bridge0: port 1(bridge_slave_0) entered disabled state [ 668.340877][T16448] bridge_slave_0: entered allmulticast mode [ 668.344921][T16448] bridge_slave_0: entered promiscuous mode [ 668.365439][ T8032] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 668.374503][T16448] bridge0: port 2(bridge_slave_1) entered blocking state [ 668.377307][T16448] bridge0: port 2(bridge_slave_1) entered disabled state [ 668.380065][T16448] bridge_slave_1: entered allmulticast mode [ 668.383847][T16448] bridge_slave_1: entered promiscuous mode [ 668.486856][ T8032] bridge0: port 3(netdevsim0) entered disabled state [ 668.519664][ T8032] netdevsim netdevsim0 netdevsim0 (unregistering): left allmulticast mode [ 668.522746][ T8032] netdevsim netdevsim0 netdevsim0 (unregistering): left promiscuous mode [ 668.526012][ T8032] bridge0: port 3(netdevsim0) entered disabled state [ 668.530906][ T8032] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 668.541208][T16448] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 668.550380][T16448] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 668.608650][T16448] team0: Port device team_slave_0 added [ 668.615687][T16448] team0: Port device team_slave_1 added [ 668.656597][T16448] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 668.658838][T16448] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 668.668248][T16448] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 668.674627][T16448] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 668.678560][T16448] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 668.688870][T16448] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 668.771536][ T8032] bridge_slave_1: left allmulticast mode [ 668.773448][ T8032] bridge_slave_1: left promiscuous mode [ 668.775395][ T8032] bridge0: port 2(bridge_slave_1) entered disabled state [ 668.780203][ T8032] bridge_slave_0: left allmulticast mode [ 668.781987][ T8032] bridge_slave_0: left promiscuous mode [ 668.786237][ T8032] bridge0: port 1(bridge_slave_0) entered disabled state [ 668.902349][ T8032] bond1 (unregistering): (slave gretap1): Releasing active interface [ 668.928754][ T8032] dvmrp8 (unregistering): left allmulticast mode [ 669.105976][ T8032] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 669.115324][ T8032] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 669.120771][ T8032] bond0 (unregistering): Released all slaves [ 669.238998][ T8032] bond1 (unregistering): Released all slaves [ 669.537101][T16473] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2507'. [ 669.646835][ T8032] bond2 (unregistering): Released all slaves [ 669.760879][ T8032] bond3 (unregistering): Released all slaves [ 669.893710][ T8032] bond4 (unregistering): Released all slaves [ 669.927131][ T5944] Bluetooth: hci3: command tx timeout [ 670.008965][ T8032] bond5 (unregistering): Released all slaves [ 670.089263][ T8032] bond6 (unregistering): Released all slaves [ 670.163260][ T8032] bond7 (unregistering): Released all slaves [ 670.268189][ T8032] bond8 (unregistering): Released all slaves [ 670.486292][ T8032] bond9 (unregistering): Released all slaves [ 670.504828][T16485] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2510'. [ 670.608653][ T8032] bond10 (unregistering): Released all slaves [ 670.728480][ T8032] bond11 (unregistering): Released all slaves [ 670.874025][ T8032] bond12 (unregistering): Released all slaves [ 670.963290][ T8032] bond13 (unregistering): Released all slaves [ 671.113720][ T8032] bond14 (unregistering): Released all slaves [ 671.230056][ T8032] bond15 (unregistering): Released all slaves [ 671.312092][ T8032] bond16 (unregistering): Released all slaves [ 671.383828][ T8032] bond17 (unregistering): Released all slaves [ 671.395355][T16448] hsr_slave_0: entered promiscuous mode [ 671.397761][T16448] hsr_slave_1: entered promiscuous mode [ 671.399922][T16448] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 671.402512][T16448] Cannot create hsr debugfs directory [ 671.833276][ T8032] : left promiscuous mode [ 671.929225][ T8032] tipc: Disabling bearer [ 671.939171][ T8032] tipc: Left network mode [ 672.002815][ T5944] Bluetooth: hci3: command tx timeout [ 672.013114][ T8032] IPVS: stopping master sync thread 10486 ... [ 672.175816][T16514] netlink: 36 bytes leftover after parsing attributes in process `syz.1.2514'. [ 672.266738][ T8032] hsr_slave_0: left promiscuous mode [ 672.268960][ T8032] hsr_slave_1: left promiscuous mode [ 672.271008][ T8032] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 672.273494][ T8032] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 672.276421][ T8032] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 672.278755][ T8032] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 672.311962][ T8032] veth1_macvtap: left promiscuous mode [ 672.315493][ T8032] veth0_macvtap: left promiscuous mode [ 672.318050][ T8032] veth1_vlan: left promiscuous mode [ 672.320347][ T8032] veth0_vlan: left promiscuous mode [ 673.083469][ T8032] team0 (unregistering): Port device team_slave_1 removed [ 673.249904][ T8032] team0 (unregistering): Port device team_slave_0 removed [ 673.964301][T16538] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2517'. [ 674.152550][ T5944] Bluetooth: hci3: command tx timeout [ 674.442077][T16448] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 674.457593][T16448] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 674.463477][T16448] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 674.469213][T16448] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 674.564544][T16448] 8021q: adding VLAN 0 to HW filter on device bond0 [ 674.576776][T16448] 8021q: adding VLAN 0 to HW filter on device team0 [ 674.582300][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 674.584580][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 674.598584][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 674.600973][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 674.740390][T16448] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 674.806396][ T8032] IPVS: stop unused estimator thread 0... [ 674.807670][T16448] veth0_vlan: entered promiscuous mode [ 674.823626][T16448] veth1_vlan: entered promiscuous mode [ 674.843506][T16448] veth0_macvtap: entered promiscuous mode [ 674.847150][T16448] veth1_macvtap: entered promiscuous mode [ 674.861115][T16448] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 674.867282][T16448] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 674.878783][T16448] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 674.881612][T16448] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 674.886360][T16448] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 674.889045][T16448] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 674.939325][ T74] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 674.941870][ T74] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 674.961028][ T8033] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 674.967008][ T8033] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 675.352295][T16595] IPVS: sync thread started: state = MASTER, mcast_ifn = geneve0, syncid = 10802, id = 0 [ 675.969155][T16599] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2522'. [ 676.172528][ T5944] Bluetooth: hci3: command tx timeout [ 676.262002][T16612] Bluetooth: MGMT ver 1.23 [ 676.687567][T16607] block nbd0: shutting down sockets [ 677.517285][T16648] netlink: 'syz.2.2532': attribute type 1 has an invalid length. [ 677.540132][T16648] 8021q: adding VLAN 0 to HW filter on device bond3 [ 679.902149][T16703] netlink: 'syz.2.2541': attribute type 1 has an invalid length. [ 679.914620][T16703] 8021q: adding VLAN 0 to HW filter on device bond4 [ 680.190773][T16707] 9pnet_fd: Insufficient options for proto=fd [ 680.384914][T16691] block nbd1: shutting down sockets [ 680.803749][T16728] IPVS: sync thread started: state = MASTER, mcast_ifn = geneve0, syncid = 10802, id = 0 [ 680.892551][ T5944] Bluetooth: hci2: Controller not accepting commands anymore: ncmd = 0 [ 680.896445][ T5944] Bluetooth: hci2: Injecting HCI hardware error event [ 680.899791][ T5944] Bluetooth: hci2: hardware error 0x00 [ 681.821556][T16755] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2550'. [ 682.281300][T16736] block nbd2: shutting down sockets [ 682.551033][T16771] 9pnet_fd: Insufficient options for proto=fd [ 682.727685][T16781] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2551'. [ 682.999535][ T5944] Bluetooth: hci2: Opcode 0x0c03 failed: -110 [ 684.795163][T16814] netlink: 'syz.3.2562': attribute type 1 has an invalid length. [ 684.815666][T16814] 8021q: adding VLAN 0 to HW filter on device bond1 [ 684.928811][T16817] netlink: 'syz.0.2561': attribute type 1 has an invalid length. [ 685.005912][T16823] netlink: 'syz.1.2565': attribute type 1 has an invalid length. [ 685.025916][T16823] 8021q: adding VLAN 0 to HW filter on device bond2 [ 685.083685][T16825] 9pnet_fd: Insufficient options for proto=fd [ 685.209177][ T1414] ieee802154 phy0 wpan0: encryption failed: -22 [ 685.211956][ T1414] ieee802154 phy1 wpan1: encryption failed: -22 [ 687.446862][T16854] netlink: 'syz.0.2570': attribute type 1 has an invalid length. [ 687.533981][T16858] netlink: 'syz.2.2572': attribute type 1 has an invalid length. [ 687.564487][T16858] 8021q: adding VLAN 0 to HW filter on device bond5 [ 687.951155][T16873] 9pnet_fd: Insufficient options for proto=fd [ 688.203566][T16880] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2575'. [ 690.442866][T16929] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2585'. [ 691.173728][T15116] hid-generic 0000:007F:FFFFFFFE.002F: unknown main item tag 0x0 [ 691.176203][T15116] hid-generic 0000:007F:FFFFFFFE.002F: unknown main item tag 0x0 [ 691.178673][T15116] hid-generic 0000:007F:FFFFFFFE.002F: unknown main item tag 0x0 [ 691.181117][T15116] hid-generic 0000:007F:FFFFFFFE.002F: unknown main item tag 0x0 [ 691.184432][T15116] hid-generic 0000:007F:FFFFFFFE.002F: unknown main item tag 0x0 [ 691.187095][T15116] hid-generic 0000:007F:FFFFFFFE.002F: unknown main item tag 0x0 [ 691.190001][T15116] hid-generic 0000:007F:FFFFFFFE.002F: unknown main item tag 0x0 [ 691.192397][T15116] hid-generic 0000:007F:FFFFFFFE.002F: unknown main item tag 0x0 [ 691.195637][T15116] hid-generic 0000:007F:FFFFFFFE.002F: unknown main item tag 0x0 [ 691.198121][T15116] hid-generic 0000:007F:FFFFFFFE.002F: unknown main item tag 0x0 [ 691.200556][T15116] hid-generic 0000:007F:FFFFFFFE.002F: unknown main item tag 0x0 [ 691.222740][T15116] hid-generic 0000:007F:FFFFFFFE.002F: unknown main item tag 0x0 [ 691.225397][T15116] hid-generic 0000:007F:FFFFFFFE.002F: unknown main item tag 0x0 [ 691.227850][T15116] hid-generic 0000:007F:FFFFFFFE.002F: unknown main item tag 0x0 [ 691.231350][T15116] hid-generic 0000:007F:FFFFFFFE.002F: unknown main item tag 0x0 [ 691.234312][T15116] hid-generic 0000:007F:FFFFFFFE.002F: unknown main item tag 0x0 [ 691.236778][T15116] hid-generic 0000:007F:FFFFFFFE.002F: unknown main item tag 0x0 [ 691.239234][T15116] hid-generic 0000:007F:FFFFFFFE.002F: unknown main item tag 0x0 [ 691.241823][T15116] hid-generic 0000:007F:FFFFFFFE.002F: unknown main item tag 0x0 [ 691.249683][T15116] hid-generic 0000:007F:FFFFFFFE.002F: unknown main item tag 0x0 [ 691.252183][T15116] hid-generic 0000:007F:FFFFFFFE.002F: unknown main item tag 0x0 [ 691.259866][T15116] hid-generic 0000:007F:FFFFFFFE.002F: unknown main item tag 0x0 [ 691.262431][T15116] hid-generic 0000:007F:FFFFFFFE.002F: unknown main item tag 0x0 [ 691.264929][T15116] hid-generic 0000:007F:FFFFFFFE.002F: unknown main item tag 0x0 [ 691.267309][T15116] hid-generic 0000:007F:FFFFFFFE.002F: unknown main item tag 0x0 [ 691.279675][T15116] hid-generic 0000:007F:FFFFFFFE.002F: unknown main item tag 0x0 [ 691.282197][T15116] hid-generic 0000:007F:FFFFFFFE.002F: unknown main item tag 0x0 [ 691.289667][T15116] hid-generic 0000:007F:FFFFFFFE.002F: unknown main item tag 0x0 [ 691.292111][T15116] hid-generic 0000:007F:FFFFFFFE.002F: unknown main item tag 0x0 [ 691.294696][T15116] hid-generic 0000:007F:FFFFFFFE.002F: unknown main item tag 0x0 [ 691.297348][T15116] hid-generic 0000:007F:FFFFFFFE.002F: unknown main item tag 0x0 [ 691.299969][T15116] hid-generic 0000:007F:FFFFFFFE.002F: unknown main item tag 0x0 [ 691.302391][T15116] hid-generic 0000:007F:FFFFFFFE.002F: unknown main item tag 0x0 [ 691.305056][T15116] hid-generic 0000:007F:FFFFFFFE.002F: unknown main item tag 0x0 [ 691.308627][T15116] hid-generic 0000:007F:FFFFFFFE.002F: unknown main item tag 0x0 [ 691.311297][T15116] hid-generic 0000:007F:FFFFFFFE.002F: unknown main item tag 0x0 [ 691.313818][T15116] hid-generic 0000:007F:FFFFFFFE.002F: unknown main item tag 0x0 [ 691.316264][T15116] hid-generic 0000:007F:FFFFFFFE.002F: unknown main item tag 0x0 [ 691.318790][T15116] hid-generic 0000:007F:FFFFFFFE.002F: unknown main item tag 0x0 [ 691.321412][T15116] hid-generic 0000:007F:FFFFFFFE.002F: unknown main item tag 0x0 [ 691.324038][T15116] hid-generic 0000:007F:FFFFFFFE.002F: unknown main item tag 0x0 [ 691.326500][T15116] hid-generic 0000:007F:FFFFFFFE.002F: unknown main item tag 0x0 [ 691.328970][T15116] hid-generic 0000:007F:FFFFFFFE.002F: unknown main item tag 0x0 [ 691.337048][T15116] hid-generic 0000:007F:FFFFFFFE.002F: hidraw1: HID v0.00 Device [syz1] on syz0 [ 691.385523][T16962] fido_id[16962]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 692.744001][T17006] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2592'. [ 693.129244][T17016] block nbd1: shutting down sockets [ 694.245006][ T5944] Bluetooth: hci3: Controller not accepting commands anymore: ncmd = 0 [ 694.249256][ T5944] Bluetooth: hci3: Injecting HCI hardware error event [ 694.253301][ T5952] Bluetooth: hci3: hardware error 0x00 [ 696.482767][ T5952] Bluetooth: hci3: Opcode 0x0c03 failed: -110 [ 696.704889][T17083] block nbd2: shutting down sockets [ 699.220491][T17145] netlink: 'syz.3.2617': attribute type 1 has an invalid length. [ 699.261672][T17145] 8021q: adding VLAN 0 to HW filter on device bond2 [ 700.324955][T17180] block nbd0: shutting down sockets [ 702.016826][T17218] 9pnet_fd: Insufficient options for proto=fd [ 703.946843][T17252] block nbd0: shutting down sockets [ 704.657877][ T5952] Bluetooth: hci4: Controller not accepting commands anymore: ncmd = 0 [ 704.662019][ T5952] Bluetooth: hci4: Injecting HCI hardware error event [ 704.665711][ T5952] Bluetooth: hci4: hardware error 0x00 [ 704.828732][T17274] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2637'. [ 705.434217][T17298] netlink: 'syz.2.2639': attribute type 4 has an invalid length. [ 705.981008][T17309] netlink: 'syz.3.2641': attribute type 1 has an invalid length. [ 705.993880][T17309] 8021q: adding VLAN 0 to HW filter on device bond3 [ 706.724326][ T5952] Bluetooth: hci4: Opcode 0x0c03 failed: -110 [ 708.380419][T17369] netlink: 'syz.0.2647': attribute type 1 has an invalid length. [ 708.475437][T17369] 8021q: adding VLAN 0 to HW filter on device bond1 [ 708.734272][T17378] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2648'. [ 710.853993][T17420] netlink: 'syz.2.2656': attribute type 4 has an invalid length. [ 711.543054][T17451] netlink: 'syz.3.2658': attribute type 1 has an invalid length. [ 711.567609][T17451] 8021q: adding VLAN 0 to HW filter on device bond4 [ 711.953717][T17469] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2660'. [ 713.522396][T17504] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2664'. [ 714.030695][T17517] block nbd0: shutting down sockets [ 714.236541][T17529] netlink: 'syz.0.2669': attribute type 1 has an invalid length. [ 714.307329][T17529] 8021q: adding VLAN 0 to HW filter on device bond2 [ 716.413018][T17573] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2676'. [ 716.775938][T17595] netlink: 'syz.2.2680': attribute type 1 has an invalid length. [ 716.787459][T17595] 8021q: adding VLAN 0 to HW filter on device bond6 [ 719.993471][T17663] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2687'. [ 720.108090][T17669] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2688'. [ 720.350532][T17679] netlink: 'syz.1.2690': attribute type 1 has an invalid length. [ 720.371728][T17679] 8021q: adding VLAN 0 to HW filter on device bond3 [ 723.795514][T17760] netlink: 'syz.1.2700': attribute type 1 has an invalid length. [ 723.811602][T17760] 8021q: adding VLAN 0 to HW filter on device bond4 [ 724.041183][T17767] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2701'. [ 726.362762][T17839] netlink: 'syz.3.2714': attribute type 4 has an invalid length. [ 727.445052][T15116] hid-generic 0000:0000:0000.0030: unknown main item tag 0x0 [ 727.454317][T15116] hid-generic 0000:0000:0000.0030: hidraw1: HID v0.00 Device [syz1] on syz0 [ 727.546943][T17879] macvlan2: entered promiscuous mode [ 727.548637][T17879] macvlan2: entered allmulticast mode [ 727.551712][T17879] bond0: (slave macvlan2): Error -98 calling set_mac_address [ 731.200041][T18018] netlink: 'syz.3.2733': attribute type 4 has an invalid length. [ 735.352656][T18102] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2744'. [ 737.266881][T15116] kernel read not supported for file /dsp (pid: 15116 comm: kworker/2:1) [ 738.513611][T18173] block nbd2: shutting down sockets [ 741.511928][T18271] netlink: 36 bytes leftover after parsing attributes in process `syz.0.2765'. [ 743.630592][T18353] netlink: 36 bytes leftover after parsing attributes in process `syz.3.2777'. [ 744.258367][T18381] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2781'. [ 744.682523][T18365] block nbd3: shutting down sockets [ 746.656451][ T1414] ieee802154 phy0 wpan0: encryption failed: -22 [ 746.658515][ T1414] ieee802154 phy1 wpan1: encryption failed: -22 [ 746.661632][ T1414] ================================================================== [ 746.664190][ T1414] BUG: KASAN: slab-use-after-free in tty_write_room+0x7d/0x90 [ 746.666540][ T1414] Read of size 8 at addr ffff88802733c020 by task aoe_tx0/1414 [ 746.669643][ T1414] [ 746.670882][ T1414] CPU: 2 UID: 0 PID: 1414 Comm: aoe_tx0 Not tainted 6.16.0-rc4-syzkaller-00013-g66701750d556 #0 PREEMPT(full) [ 746.670897][ T1414] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 746.670904][ T1414] Call Trace: [ 746.670909][ T1414] [ 746.670914][ T1414] dump_stack_lvl+0x116/0x1f0 [ 746.670940][ T1414] print_report+0xcd/0x680 [ 746.670957][ T1414] ? __virt_addr_valid+0x81/0x610 [ 746.670968][ T1414] ? __phys_addr+0xe8/0x180 [ 746.670979][ T1414] ? tty_write_room+0x7d/0x90 [ 746.670990][ T1414] kasan_report+0xe0/0x110 [ 746.670999][ T1414] ? tty_write_room+0x7d/0x90 [ 746.671012][ T1414] tty_write_room+0x7d/0x90 [ 746.671024][ T1414] handle_tx+0x14f/0x630 [ 746.671034][ T1414] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 746.671051][ T1414] dev_hard_start_xmit+0x94/0x740 [ 746.671066][ T1414] __dev_queue_xmit+0x7eb/0x43e0 [ 746.671081][ T1414] ? lockdep_hardirqs_on+0x7c/0x110 [ 746.671095][ T1414] ? finish_task_switch.isra.0+0x221/0xc10 [ 746.671107][ T1414] ? rcu_is_watching+0x12/0xc0 [ 746.671117][ T1414] ? __pfx___dev_queue_xmit+0x10/0x10 [ 746.671132][ T1414] ? __lock_acquire+0xb8a/0x1c90 [ 746.671146][ T1414] ? __lock_acquire+0xb8a/0x1c90 [ 746.671164][ T1414] ? do_raw_spin_lock+0x12c/0x2b0 [ 746.671179][ T1414] ? find_held_lock+0x2b/0x80 [ 746.671190][ T1414] ? skb_dequeue+0x126/0x180 [ 746.671201][ T1414] ? find_held_lock+0x2b/0x80 [ 746.671211][ T1414] ? rcu_is_watching+0x12/0xc0 [ 746.671222][ T1414] tx+0xcc/0x190 [ 746.671232][ T1414] ? __pfx_tx+0x10/0x10 [ 746.671241][ T1414] kthread+0x1e4/0x3e0 [ 746.671257][ T1414] ? find_held_lock+0x2b/0x80 [ 746.671266][ T1414] ? __pfx_kthread+0x10/0x10 [ 746.671282][ T1414] ? __pfx_default_wake_function+0x10/0x10 [ 746.671293][ T1414] ? lockdep_hardirqs_on+0x7c/0x110 [ 746.671307][ T1414] ? __kthread_parkme+0x19e/0x250 [ 746.671320][ T1414] ? __pfx_kthread+0x10/0x10 [ 746.671335][ T1414] kthread+0x3c5/0x780 [ 746.671349][ T1414] ? __pfx_kthread+0x10/0x10 [ 746.671363][ T1414] ? rcu_is_watching+0x12/0xc0 [ 746.671373][ T1414] ? __pfx_kthread+0x10/0x10 [ 746.671387][ T1414] ret_from_fork+0x5d4/0x6f0 [ 746.671400][ T1414] ? __pfx_kthread+0x10/0x10 [ 746.671414][ T1414] ret_from_fork_asm+0x1a/0x30 [ 746.671428][ T1414] [ 746.671432][ T1414] [ 746.743588][ T1414] Allocated by task 18399: [ 746.745030][ T1414] kasan_save_stack+0x33/0x60 [ 746.746528][ T1414] kasan_save_track+0x14/0x30 [ 746.748025][ T1414] __kasan_kmalloc+0xaa/0xb0 [ 746.749539][ T1414] alloc_tty_struct+0x96/0x8c0 [ 746.751067][ T1414] tty_init_dev.part.0+0x1e/0x500 [ 746.752641][ T1414] tty_init_dev+0x60/0x80 [ 746.754019][ T1414] ptmx_open+0x10d/0x360 [ 746.755391][ T1414] chrdev_open+0x231/0x6a0 [ 746.756793][ T1414] do_dentry_open+0x744/0x1c10 [ 746.758322][ T1414] vfs_open+0x82/0x3f0 [ 746.759610][ T1414] path_openat+0x1de4/0x2cb0 [ 746.760982][ T1414] do_filp_open+0x20b/0x470 [ 746.762410][ T1414] do_sys_openat2+0x11b/0x1d0 [ 746.763889][ T1414] __ia32_compat_sys_openat+0x16d/0x210 [ 746.765647][ T1414] __do_fast_syscall_32+0x7c/0x3a0 [ 746.767265][ T1414] do_fast_syscall_32+0x32/0x80 [ 746.768798][ T1414] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 746.770783][ T1414] [ 746.771539][ T1414] Freed by task 10792: [ 746.772816][ T1414] kasan_save_stack+0x33/0x60 [ 746.774327][ T1414] kasan_save_track+0x14/0x30 [ 746.775837][ T1414] kasan_save_free_info+0x3b/0x60 [ 746.777426][ T1414] __kasan_slab_free+0x51/0x70 [ 746.778969][ T1414] kfree+0x2b4/0x4d0 [ 746.780212][ T1414] process_one_work+0x9cf/0x1b70 [ 746.781771][ T1414] worker_thread+0x6c8/0xf10 [ 746.783225][ T1414] kthread+0x3c5/0x780 [ 746.784532][ T1414] ret_from_fork+0x5d4/0x6f0 [ 746.786007][ T1414] ret_from_fork_asm+0x1a/0x30 [ 746.787768][ T1414] [ 746.788624][ T1414] Last potentially related work creation: [ 746.790763][ T1414] kasan_save_stack+0x33/0x60 [ 746.792450][ T1414] kasan_record_aux_stack+0xa7/0xc0 [ 746.794109][ T1414] insert_work+0x36/0x230 [ 746.795603][ T1414] __queue_work+0x97e/0x10f0 [ 746.797092][ T1414] queue_work_on+0x1a4/0x1f0 [ 746.798553][ T1414] release_tty+0x4de/0x5d0 [ 746.799992][ T1414] tty_release_struct+0xb7/0xe0 [ 746.801551][ T1414] tty_release+0xe2d/0x1430 [ 746.802987][ T1414] __fput+0x402/0xb70 [ 746.804289][ T1414] task_work_run+0x14d/0x240 [ 746.805783][ T1414] exit_to_user_mode_loop+0xeb/0x110 [ 746.807442][ T1414] __do_fast_syscall_32+0x2ac/0x3a0 [ 746.809337][ T1414] do_fast_syscall_32+0x32/0x80 [ 746.811189][ T1414] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 746.813616][ T1414] [ 746.814592][ T1414] The buggy address belongs to the object at ffff88802733c000 [ 746.814592][ T1414] which belongs to the cache kmalloc-cg-2k of size 2048 [ 746.819303][ T1414] The buggy address is located 32 bytes inside of [ 746.819303][ T1414] freed 2048-byte region [ffff88802733c000, ffff88802733c800) [ 746.823484][ T1414] [ 746.824264][ T1414] The buggy address belongs to the physical page: [ 746.826290][ T1414] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x27338 [ 746.829000][ T1414] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 746.831628][ T1414] memcg:ffff888027cd8001 [ 746.832993][ T1414] anon flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 746.835479][ T1414] page_type: f5(slab) [ 746.836738][ T1414] raw: 00fff00000000040 ffff88801b84c140 0000000000000000 dead000000000001 [ 746.839397][ T1414] raw: 0000000000000000 0000000000080008 00000000f5000000 ffff888027cd8001 [ 746.842086][ T1414] head: 00fff00000000040 ffff88801b84c140 0000000000000000 dead000000000001 [ 746.844771][ T1414] head: 0000000000000000 0000000000080008 00000000f5000000 ffff888027cd8001 [ 746.847456][ T1414] head: 00fff00000000003 ffffea00009cce01 00000000ffffffff 00000000ffffffff [ 746.850537][ T1414] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 746.853559][ T1414] page dumped because: kasan: bad access detected [ 746.855608][ T1414] page_owner tracks the page as allocated [ 746.857387][ T1414] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5940, tgid 5940 (syz-executor), ts 231192040942, free_ts 229859761590 [ 746.863896][ T1414] post_alloc_hook+0x1c0/0x230 [ 746.865436][ T1414] get_page_from_freelist+0x1321/0x3890 [ 746.867166][ T1414] __alloc_frozen_pages_noprof+0x261/0x23f0 [ 746.869058][ T1414] alloc_pages_mpol+0x1fb/0x550 [ 746.870603][ T1414] new_slab+0x23b/0x330 [ 746.871911][ T1414] ___slab_alloc+0xd9c/0x1940 [ 746.873398][ T1414] __slab_alloc.constprop.0+0x56/0xb0 [ 746.875097][ T1414] __kvmalloc_node_noprof+0x3b1/0x620 [ 746.876778][ T1414] alloc_fdtable+0xee/0x2b0 [ 746.878218][ T1414] dup_fd+0x83b/0xb90 [ 746.879481][ T1414] copy_process+0x230c/0x76a0 [ 746.880969][ T1414] kernel_clone+0xfc/0x960 [ 746.882380][ T1414] __do_compat_sys_ia32_clone+0xcb/0x110 [ 746.884143][ T1414] __do_fast_syscall_32+0x7c/0x3a0 [ 746.885782][ T1414] do_fast_syscall_32+0x32/0x80 [ 746.887318][ T1414] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 746.889305][ T1414] page last free pid 8244 tgid 8243 stack trace: [ 746.891327][ T1414] __free_frozen_pages+0x7fe/0x1180 [ 746.892964][ T1414] __put_partials+0x16d/0x1c0 [ 746.894455][ T1414] qlist_free_all+0x4d/0x120 [ 746.895916][ T1414] kasan_quarantine_reduce+0x195/0x1e0 [ 746.897645][ T1414] __kasan_kmalloc+0x8a/0xb0 [ 746.899239][ T1414] __kmalloc_node_noprof+0x21e/0x500 [ 746.900994][ T1414] load_msg+0x43/0x4a0 [ 746.902282][ T1414] do_mq_timedsend+0x3d7/0xc40 [ 746.903773][ T1414] __ia32_sys_mq_timedsend_time32+0x1cd/0x260 [ 746.905689][ T1414] __do_fast_syscall_32+0x7c/0x3a0 [ 746.907295][ T1414] do_fast_syscall_32+0x32/0x80 [ 746.908818][ T1414] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 746.910803][ T1414] [ 746.911569][ T1414] Memory state around the buggy address: [ 746.913325][ T1414] ffff88802733bf00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 746.915798][ T1414] ffff88802733bf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 746.918311][ T1414] >ffff88802733c000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 746.920776][ T1414] ^ [ 746.922386][ T1414] ffff88802733c080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 746.924898][ T1414] ffff88802733c100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 746.927404][ T1414] ================================================================== [ 746.930149][ T1414] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 746.932367][ T1414] CPU: 2 UID: 0 PID: 1414 Comm: aoe_tx0 Not tainted 6.16.0-rc4-syzkaller-00013-g66701750d556 #0 PREEMPT(full) [ 746.936106][ T1414] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 746.939433][ T1414] Call Trace: [ 746.940490][ T1414] [ 746.941437][ T1414] dump_stack_lvl+0x3d/0x1f0 [ 746.942900][ T1414] panic+0x71c/0x800 [ 746.944167][ T1414] ? __pfx_panic+0x10/0x10 [ 746.945597][ T1414] ? irqentry_exit+0x3b/0x90 [ 746.947063][ T1414] ? lockdep_hardirqs_on+0x7c/0x110 [ 746.948700][ T1414] ? tty_write_room+0x7d/0x90 [ 746.950217][ T1414] ? check_panic_on_warn+0x1f/0xb0 [ 746.951823][ T1414] ? tty_write_room+0x7d/0x90 [ 746.953304][ T1414] check_panic_on_warn+0xab/0xb0 [ 746.954866][ T1414] end_report+0x107/0x170 [ 746.956269][ T1414] kasan_report+0xee/0x110 [ 746.957684][ T1414] ? tty_write_room+0x7d/0x90 [ 746.959171][ T1414] tty_write_room+0x7d/0x90 [ 746.960600][ T1414] handle_tx+0x14f/0x630 [ 746.961942][ T1414] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 746.963756][ T1414] dev_hard_start_xmit+0x94/0x740 [ 746.965549][ T1414] __dev_queue_xmit+0x7eb/0x43e0 [ 746.967174][ T1414] ? lockdep_hardirqs_on+0x7c/0x110 [ 746.968829][ T1414] ? finish_task_switch.isra.0+0x221/0xc10 [ 746.970695][ T1414] ? rcu_is_watching+0x12/0xc0 [ 746.972205][ T1414] ? __pfx___dev_queue_xmit+0x10/0x10 [ 746.973900][ T1414] ? __lock_acquire+0xb8a/0x1c90 [ 746.975560][ T1414] ? __lock_acquire+0xb8a/0x1c90 [ 746.977135][ T1414] ? do_raw_spin_lock+0x12c/0x2b0 [ 746.978728][ T1414] ? find_held_lock+0x2b/0x80 [ 746.980210][ T1414] ? skb_dequeue+0x126/0x180 [ 746.981678][ T1414] ? find_held_lock+0x2b/0x80 [ 746.983214][ T1414] ? rcu_is_watching+0x12/0xc0 [ 746.984733][ T1414] tx+0xcc/0x190 [ 746.985895][ T1414] ? __pfx_tx+0x10/0x10 [ 746.987217][ T1414] kthread+0x1e4/0x3e0 [ 746.988539][ T1414] ? find_held_lock+0x2b/0x80 [ 746.990044][ T1414] ? __pfx_kthread+0x10/0x10 [ 746.991507][ T1414] ? __pfx_default_wake_function+0x10/0x10 [ 746.993342][ T1414] ? lockdep_hardirqs_on+0x7c/0x110 [ 746.995029][ T1414] ? __kthread_parkme+0x19e/0x250 [ 746.996621][ T1414] ? __pfx_kthread+0x10/0x10 [ 746.998113][ T1414] kthread+0x3c5/0x780 [ 746.999407][ T1414] ? __pfx_kthread+0x10/0x10 [ 747.000875][ T1414] ? rcu_is_watching+0x12/0xc0 [ 747.002386][ T1414] ? __pfx_kthread+0x10/0x10 [ 747.003872][ T1414] ret_from_fork+0x5d4/0x6f0 [ 747.005399][ T1414] ? __pfx_kthread+0x10/0x10 [ 747.006850][ T1414] ret_from_fork_asm+0x1a/0x30 [ 747.008358][ T1414] [ 747.009866][ T1414] Kernel Offset: disabled [ 747.011234][ T1414] Rebooting in 86400 seconds.. VM DIAGNOSIS: 05:09:21 Registers: info registers vcpu 0 CPU#0 RAX=0000000000000000 RBX=ffff88802b23b640 RCX=ffffffff81af8e33 RDX=ffff88801dea4880 RSI=ffffffff81af8e0d RDI=0000000000000005 RBP=ffffc9000044fd08 RSP=ffffc9000044fbc0 R8 =0000000000000005 R9 =0000000000000000 R10=0000000000000001 R11=fffffbfff1cb9ed6 R12=1ffff92000089f80 R13=0000000000000003 R14=0000000000000001 R15=ffffed10056476c9 RIP=ffffffff81af8e0f RFL=00000293 [--S-A-C] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff88809755f000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000003000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00000000f50cb4b4 CR3=000000004bc13000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000002 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000024800000000 0000000500000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 1 CPU#1 RAX=00000000025b6117 RBX=0000000000000001 RCX=ffffffff8b7cfc39 RDX=0000000000000000 RSI=ffffffff8de13e03 RDI=ffffffff8c1566a0 RBP=ffffed1003bdb488 RSP=ffffc9000046fdf8 R8 =0000000000000001 R9 =ffffed1005666645 R10=ffff88802b33322b R11=0000000000000001 R12=0000000000000001 R13=ffff88801deda440 R14=ffffffff90a82850 R15=0000000000000000 RIP=ffffffff8b7ce79f RFL=00000286 [--S--P-] CPL=0 II=0 A20=1 SMM=0 HLT=1 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff88809765f000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe000004a000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=0000000000000000 CR3=000000002830c000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000002 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000005000000000 0000000100000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 2 CPU#2 RAX=0000000000000036 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8 RSI=ffffffff855875a5 RDI=ffffffff9b06da00 RBP=ffffffff9b06d9c0 RSP=ffffc9000741f438 R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=0000000031343154 R12=0000000000000000 R13=0000000000000036 R14=ffffffff9b06d9c0 R15=ffffffff85587540 RIP=ffffffff855875cf RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff88809775f000 ffffffff 00c00000 LDT=0050 ffff88804b6a6000 0000003f 00008200 DPL=0 LDT TR =0040 fffffe0000091000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe000008f000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00007ffee389bccc CR3=000000004ab99000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000002 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000005000000000 0000000100000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 3 CPU#3 RAX=000000000000000c RBX=0000000000000000 RCX=0000000000000000 RDX=0000000000000008 RSI=ffff88801b7f8af0 RDI=ffff88801b7f8000 RBP=ffff88801b7f8000 RSP=ffffc90003ab7720 R8 =0000000000000001 R9 =0000000000000001 R10=0000000000000000 R11=0000000000000001 R12=ffff88801b7f8af0 R13=ffff88801b7f8af0 R14=0000000000000000 R15=0000000000000002 RIP=ffffffff8197d850 RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] FS =0000 0000000000000000 ffffffff 00c00000 GS =0063 ffff88809785f000 ffffffff 00d0f300 DPL=3 DS [-WA] LDT=0050 ffff88804b6a6000 0000003f 00008200 DPL=0 LDT TR =0040 fffffe00000d8000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe00000d6000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=0000000080006000 CR3=000000004ab99000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000002 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000024800000000 0000000500000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000